topic Based on the log, the in Network Security

How to correct: TCP access denied by ACL

alafever1 — Tue, 12 Mar 2019 05:19:54 GMT

Hello!

I seem to have stumbled into a problem I am not sure how to correct. I have a web server on a DMZ (10.1.10.5) that works correctly for all sites housed on it with the exception of one. The server serves up the login page but upon trying to login the following message is received:

TCP access denied by ACL from 10.1.10.5/53346 to dmz: xx.xx.xx.xx/445 (where x is the public IP)

I have tried creating an ACL that allows the two to communicate. Even then I get a message that the ASA has detected IP Spoofing and it blocks it.

I am attaching my config. Note there are some rules there to allow the staff on the inside to access the sites using public URLs instead of server IPs.

My question is how can I allow this authentication traffic to be passed?

Based on the log, the

Karsten Iwen — Mon, 12 Jan 2015 15:34:12 GMT

Based on the log, the webserver sends an HTTP-redirect to the port 445. But for this port you don't have a translation and also no access-rule.

Thanks for your response.I

alafever1 — Mon, 12 Jan 2015 15:47:30 GMT

Thanks for your response.

I have added:
object network WEBSERVER-TCP445
host 10.1.10.5
nat (DMZ,outside) static interface service tcp 445 445
access-list outside_acl extended permit tcp any object WEBSERVER-TCP445 eq 445

I appear to still be receiving the message. New config attached.

Any other ideas? Seems weird

alafever1 — Wed, 14 Jan 2015 19:46:42 GMT

Any other ideas?

Seems weird that the 10.1.10.5 (which is inside the DMZ) is being blocked to the DMZ public IP. I've tried several configurations...some remove the error the the site still does not function.

can u please confirmed

jeevak mukadam — Fri, 16 Jan 2015 20:38:55 GMT

can u please confirmed weather xxx ip is at outside or at dmz side. can u provide asa log.

TCP access denied by ACL from 10.1.10.5/53346 to dmz: xx.xx.xx.xx/445 (where x is the public IP)

xxx IP is the Outside

alafever1 — Fri, 16 Jan 2015 21:24:51 GMT

xxx IP is the Outside interface public facing address. I was a little confused about the message because 10.1.10.5 is in the DMZ and is the webserver that the public IP sends that traffic to.

What kind of log can I provide for you? I am not very familiar with the logging settings. If you tell me how to get it I'll post it for you.

Really appreciate the response. Thanks!

Hi,can post real time logs

jeevak mukadam — Sat, 17 Jan 2015 03:09:05 GMT

Hi,

can post real time logs generated by firewall. sh logging

or print screen of real time logs via asdm.

JEEVAK,

The logs have my public IP

alafever1 — Mon, 19 Jan 2015 19:36:36 GMT

The logs have my public IP address plastered all over them. I wouldn't feel comfortable posting them here. Other than the one TCP denied message there doesn't seem to be any other entries related to the login request.

Are there any particular tests I may be able to run to help give you information that might be useful?