Cisco ASA in parallel with UAG

  • General discussion

  • I'm trying to replace our TMG server with a Cisco ASA 5510 and have it run in parallel with our UAG server, and I think I'm running into a problem with how I have the public IP addresses defined. Right now I have in place the internet ISP router > Layer 2 Switch > TMG and UAG in parallel > inside network. I'm replacing the TMG with the Cisco. But every time I do that it brings DirectAccess down with the error DnsAlgSrv Event 20023 "A Socket listener failed to start. The UAG DNS64 service starts but cannot accept traffic". The Cisco has x.x.x.162 /27 defined on the outside interface and the UAG has x.x.x.173 - 174 /27 defined on its outside. I double-checked NAT on the Cisco and there isn't anything pointing to .173 or 174. But I'm assuming because I have the entire subnet defined on Cisco, the UAG thinks its IP addresses are defined on the Cisco and I get that error? Short of getting another IP block from my ISP, how could I define the Cisco or the UAG to play nice together? I've read about NAT 0 and placing the UAG in the Cisco DMZ or operating the Cisco in transparent mode, but I'd rather keep the UAG in parallel with the Cisco.

    I thought about subnetting my ISP block (x.x.x.162 /28 and x.x.x.175 /28), but wouldn't that require a 2nd gateway defined on the ISP router? I mean, I can't have the .161 gateway defined for both subnets, correct? Basically, I'm having a hard time getting the Cisco and the UAG in parallel with my one x.x.x.160/27 block of public IP addresses. Ideas?

    Monday, March 4, 2013 1:01 PM

All replies

  • One thing to try is to reboot the ISP router and the switch when you install the Cisco.

    The problem could be due to static ARP cache on the ISP router. I have had this a number of times when swapping kit out.

     

    Regards, Rmknight

    Monday, March 4, 2013 2:48 PM
  • Thank you, never thought about ARP and rebooting the ISP router. I'll give it a shot; will have to wait till this Saturday, but I'll update this thread on my findings in case someone else runs into this. Thanks again.
    Monday, March 4, 2013 6:40 PM
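
The subnetting question from the first post, worked through as an added example that is not part of the thread: it checks where the .161 gateway and the ASA/UAG outside addresses land if the /27 is split into two /28s. The 203.0.113.160/27 prefix is a constructed stand-in for the masked x.x.x.160/27 block, and the function and device names are hypothetical.

```python
import ipaddress

# Constructed stand-in for the masked x.x.x.160/27 block (RFC 5737 documentation range).
BLOCK = ipaddress.ip_network("203.0.113.160/27")
GATEWAY = ipaddress.ip_address("203.0.113.161")   # ISP router, .161 in the post
DEVICES = {                                       # last octets as given in the post
    "ASA outside": ipaddress.ip_address("203.0.113.162"),
    "UAG outside 1": ipaddress.ip_address("203.0.113.173"),
    "UAG outside 2": ipaddress.ip_address("203.0.113.174"),
}


def split_report(block, gateway, devices, new_prefix=28):
    """Describe each sub-block: usable range, whether the gateway is on-link, devices inside."""
    report = []
    for net in block.subnets(new_prefix=new_prefix):
        hosts = list(net.hosts())
        report.append({
            "network": str(net),
            "first_host": str(hosts[0]),
            "last_host": str(hosts[-1]),
            "broadcast": str(net.broadcast_address),
            "gateway_on_link": gateway in net,
            "devices": sorted(name for name, ip in devices.items() if ip in net),
        })
    return report


def shared_segment(block, devices):
    """True when every device address is a usable host of the unsplit block."""
    usable = set(block.hosts())
    return all(ip in usable for ip in devices.values())


if __name__ == "__main__":
    print("all devices are valid hosts in", BLOCK, "->", shared_segment(BLOCK, DEVICES))
    for half in split_report(BLOCK, GATEWAY, DEVICES):
        print(half)
```

With a /28 split, the .161 gateway is on-link only for the lower half (.160 to .175), and .162, .173 and .174 all sit in that same half, so the split would not separate the two devices.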