Re: [squid-users] [Urgent] Please help : NAT + squid2.7 on ubuntu server 9.10 + cisco firewall (ASA5510)

From: Horacio H. <pokehorace_at_gmail.com>
Date: Mon, 12 Apr 2010 13:42:33 -0500

2010/4/8 Vichao Saenghiranwathana <vichaos_at_gmail.com>:

> I still stunned. Can you explain more in deeper detail so I can
> understand what the problem is.
>

Hi Vichao,

If you already have a static NAT translation at the ASA between these
two addresses: 192.168.9.251 and 203.130.133.9, it doesn't make sense
to me why you also configured the same public IP address at the second
subinterface. Unless you need it for an unrelated setup, you may want
to remove the second subinterface because (if you also configured a
default-gateway there) when external packets are destinede to the
address 203.130.133.9 it might cause the ASA to NAT packets that
shouldn't be, or viceversa.

Aside from that, if the issue persist your next clue resides in
collecting all the info your ASA shows about the WCCP
association/registration, and monitor the counters of the GRE tunnel
and iptables active rules and default policies.

I hope this comment was helpful. I have a similar setup and it works fine.

Regards,
Horacio.
Received on Mon Apr 12 2010 - 18:42:41 MDT

This archive was generated by hypermail 2.2.0 : Tue Apr 13 2010 - 12:00:04 MDT