https://community.cisco.com/t5/network-security/static-nat-syn-timeout-asa-5505/m-p/1789938#M532040 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P></P><P>Mostlikely the IP address that you have for your webserver is not able to reach the internet. Can you connect a host directly to the internet line, assign that IP and see if it works? If it does work, put the static NAT entry on the ASA firewall again. </P><P></P><P>If you have access to the ISP router or the next hop, do a show arp (If it is a cisco device) and make sure that the mac-address of the IP address of the webserver is the mac-address of the outside interface of the ASA. </P><P></P><P>If it is not, then you need to engage the ISP so they can make it so. </P><P></P><P>Mike </P></BODY></HTML> Wed, 31 Aug 2011 23:51:09 GMT Maykol Rojas 2011-08-31T23:51:09Z https://community.cisco.com/t5/network-security/static-nat-syn-timeout-asa-5505/m-p/1789937#M532039 <P>Hi,</P><P></P><P>I have a 5505 that has been running without any problems until recently.&nbsp; There has not been any changes.</P><P></P><P>I have a 5505 for a small business that has one web server.&nbsp; The web server has a static NAT entry to an IP address and not an interface.&nbsp; There is an access rule allowing any HTTP traffic to the outside IP of the web server.&nbsp; From the web server I can't access the Internet.</P><P></P><P>All other computers on the network can access the Internet using a dynamic nat rule that uses the outside interface.</P><P></P><P>The web server is accessible from a computer behind the firewall.</P><P></P><P>If I delete the static NAT entry for the web server I can get on the Internet.</P><P></P><P>I have turned debugging on and see that an outbound connection is built and then 30 seconds later the connection is torn down with the bytes 0 SYN Timeout message.</P><P></P><P>I am running 8.0(5).</P><P></P><P>Any help would be greatly appreciated.</P><P></P><P>James</P> Mon, 11 Mar 2019 21:19:25 GMT https://community.cisco.com/t5/network-security/static-nat-syn-timeout-asa-5505/m-p/1789937#M532039 jkrysinski 2019-03-11T21:19:25Z https://community.cisco.com/t5/network-security/static-nat-syn-timeout-asa-5505/m-p/1789938#M532040 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P></P><P>Mostlikely the IP address that you have for your webserver is not able to reach the internet. Can you connect a host directly to the internet line, assign that IP and see if it works? If it does work, put the static NAT entry on the ASA firewall again. </P><P></P><P>If you have access to the ISP router or the next hop, do a show arp (If it is a cisco device) and make sure that the mac-address of the IP address of the webserver is the mac-address of the outside interface of the ASA. </P><P></P><P>If it is not, then you need to engage the ISP so they can make it so. </P><P></P><P>Mike </P></BODY></HTML> Wed, 31 Aug 2011 23:51:09 GMT https://community.cisco.com/t5/network-security/static-nat-syn-timeout-asa-5505/m-p/1789938#M532040 Maykol Rojas 2011-08-31T23:51:09Z https://community.cisco.com/t5/network-security/static-nat-syn-timeout-asa-5505/m-p/1789939#M532041 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I took your advice.&nbsp; Hooked up a laptop directly and assigned the addressed that the web server was assigned to.&nbsp; The laptop couldn't get onto the Internet either.&nbsp; Powered off the provider's cable modem and everything worked.&nbsp; I completely forgot about the cable modem portion.&nbsp; When in doubt reboot.</P><P></P><P>Thanks for the suggestion.</P><P></P><P>Regards,</P><P>Jamie</P></BODY></HTML> Thu, 01 Sep 2011 17:35:22 GMT https://community.cisco.com/t5/network-security/static-nat-syn-timeout-asa-5505/m-p/1789939#M532041 jkrysinski 2011-09-01T17:35:22Z https://community.cisco.com/t5/network-security/static-nat-syn-timeout-asa-5505/m-p/1789940#M532042 <HTML><HEAD></HEAD><BODY><P>LOL! </P><P></P><P>Thats the spirit, I am glad that everything worked <SPAN __jive_emoticon_name="grin" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/grin.gif"></SPAN> </P><P></P><P>Cheers! </P><P></P><P>Mike </P></BODY></HTML> Thu, 01 Sep 2011 17:53:04 GMT https://community.cisco.com/t5/network-security/static-nat-syn-timeout-asa-5505/m-p/1789940#M532042 Maykol Rojas 2011-09-01T17:53:04Z