https://community.cisco.com/t5/network-security/cisco-asa-5510-cannot-connect-to-site-through-appliance/m-p/1646019#M559339 <HTML><HEAD></HEAD><BODY><P>Ricoh accepting all public IP addresses.&nbsp; I apologize, I made a typo in my original post.&nbsp; The IP address of the Ricoh appliance is 172.16.1.135.</P></BODY></HTML> Wed, 23 Mar 2011 12:13:54 GMT dancumming 2011-03-23T12:13:54Z https://community.cisco.com/t5/network-security/cisco-asa-5510-cannot-connect-to-site-through-appliance/m-p/1646017#M559331 <P>Good morning,</P><P></P><P>I have an @Remote appliance through Ricoh for our copiers.&nbsp; This appliance connects to their site to transfer meter readings and other information.&nbsp; This appliance can't connect to their site to transmit data.&nbsp; Ricoh is telling me the problem is on our firewill.&nbsp; I have assigned the Ricoh appliance a static IP address in our network.&nbsp; Our firewall is a Cisco ASA 5510.&nbsp; I don't have much expereince with logging on the ASA, so I'm not sure what "teardown dynamic TCP translation from inside" means.&nbsp; Is there something that is preventing this IP from contacting the Ricoh site?</P><P></P><P>Here is the live log when I try to make the connection.&nbsp; I have filtered it for the address of the appliance which is 172.16.1.135</P><P></P><P></P><P>6|Mar 22 2011 08:55:58|305012: Teardown dynamic TCP translation from inside:172.16.1.135/60407 to outside:208.39.161.66/21292 duration 0:00:30<BR />6|Mar 22 2011 08:55:55|305012: Teardown dynamic TCP translation from inside:172.16.1.135/43888 to outside:208.39.161.66/21289 duration 0:00:30<BR />6|Mar 22 2011 08:55:51|305012: Teardown dynamic TCP translation from inside:172.16.1.135/54308 to outside:208.39.161.66/21284 duration 0:00:30<BR />6|Mar 22 2011 08:55:48|305012: Teardown dynamic TCP translation from inside:172.16.1.135/35539 to outside:208.39.161.66/21282 duration 0:00:30<BR />6|Mar 22 2011 08:55:47|305012: Teardown dynamic ICMP translation from inside:172.16.1.135/796 to outside:208.39.161.66/13 duration 0:00:30<BR />6|Mar 22 2011 08:55:28|302014: Teardown TCP connection 312519 for outside:210.173.216.40/443 to inside:172.16.1.135/60407 duration 0:00:00 bytes 91 TCP Reset-I<BR />6|Mar 22 2011 08:55:28|302013: Built outbound TCP connection 312519 for outside:210.173.216.40/443 (210.173.216.40/443) to inside:172.16.1.135/60407 (208.39.161.66/21292)<BR />6|Mar 22 2011 08:55:28|305011: Built dynamic TCP translation from inside:172.16.1.135/60407 to outside:208.39.161.66/21292<BR />6|Mar 22 2011 08:55:25|302014: Teardown TCP connection 312496 for outside:210.173.216.40/443 to inside:172.16.1.135/43888 duration 0:00:00 bytes 91 TCP Reset-I<BR />6|Mar 22 2011 08:55:25|302013: Built outbound TCP connection 312496 for outside:210.173.216.40/443 (210.173.216.40/443) to inside:172.16.1.135/43888 (208.39.161.66/21289)<BR />6|Mar 22 2011 08:55:25|305011: Built dynamic TCP translation from inside:172.16.1.135/43888 to outside:208.39.161.66/21289<BR />6|Mar 22 2011 08:55:22|302014: Teardown TCP connection 312371 for outside:210.173.216.40/443 to inside:172.16.1.135/54308 duration 0:00:00 bytes 91 TCP Reset-I<BR />6|Mar 22 2011 08:55:21|302013: Built outbound TCP connection 312371 for outside:210.173.216.40/443 (210.173.216.40/443) to inside:172.16.1.135/54308 (208.39.161.66/21284)<BR />6|Mar 22 2011 08:55:21|305011: Built dynamic TCP translation from inside:172.16.1.135/54308 to outside:208.39.161.66/21284<BR />6|Mar 22 2011 08:55:19|302021: Teardown ICMP connection for faddr 210.173.216.40/0 gaddr 208.39.161.66/13 laddr 172.16.1.135/796<BR />6|Mar 22 2011 08:55:18|302014: Teardown TCP connection 312258 for outside:210.173.216.40/443 to inside:172.16.1.135/35539 duration 0:00:00 bytes 91 TCP Reset-I<BR />6|Mar 22 2011 08:55:18|302013: Built outbound TCP connection 312258 for outside:210.173.216.40/443 (210.173.216.40/443) to inside:172.16.1.135/35539 (208.39.161.66/21282)<BR />6|Mar 22 2011 08:55:18|305011: Built dynamic TCP translation from inside:172.16.1.135/35539 to outside:208.39.161.66/21282<BR />6|Mar 22 2011 08:55:17|302020: Built outbound ICMP connection for faddr 210.173.216.40/0 gaddr 208.39.161.66/13 laddr 172.16.1.135/796<BR />6|Mar 22 2011 08:55:17|305011: Built dynamic ICMP translation from inside:172.16.1.135/796 to outside:208.39.161.66/13<BR />6|Mar 22 2011 08:54:54|305012: Teardown dynamic ICMP translation from inside:172.16.1.135/794 to outside:208.39.161.66/12 duration 0:00:30<BR />6|Mar 22 2011 08:54:26|302021: Teardown ICMP connection for faddr 210.173.216.40/0 gaddr 208.39.161.66/12 laddr 172.16.1.135/794<BR />6|Mar 22 2011 08:54:24|302020: Built outbound ICMP connection for faddr 210.173.216.40/0 gaddr 208.39.161.66/12 laddr 172.16.1.135/794<BR />6|Mar 22 2011 08:54:24|305011: Built dynamic ICMP translation from inside:172.16.1.135/794 to outside:208.39.161.66/12</P><P></P><P></P><P></P><P>Here is the config for my ASA</P><P></P><P></P><P>Bordentown-PIX# show run<BR />: Saved<BR />:<BR />ASA Version 7.0(8)<BR />!<BR />hostname Bordentown-PIX<BR />domain-name bordentown.k12.nj.us<BR />enable password A8EW9svYyTEcA4Ua encrypted<BR />passwd A8EW9svYyTEcA4Ua encrypted<BR />no names<BR />name 172.16.1.41 BRSDPROXY<BR />name 172.16.1.253 Voice_conf<BR />name 208.39.161.68 Voice_conf_out<BR />name 172.16.1.8 bordentownfs2<BR />name 172.16.1.43 btprx<BR />name 172.16.1.6 pri_ComCastMail<BR />name 172.16.1.201 pri_bordentodell1<BR />name 172.16.1.22 pri_brvstream<BR />name 172.16.1.26 pri_remoteacc<BR />name 172.16.1.200 pri_service_2<BR />name 208.39.161.70 pub_ComCastMail<BR />name 208.39.161.67 pub_bordentdell1<BR />name 208.39.161.73 pub_bordentownfs2<BR />name 208.39.161.72 pub_brvstream<BR />name 208.39.161.76 pub_bsdinfosys<BR />name 208.39.161.74 pub_remoteacc</P><P>name 208.39.161.69 pub_service_2<BR />dns-guard<BR />!<BR />interface Ethernet0/0<BR /> nameif outside<BR /> security-level 0<BR /> ip address 208.39.161.66 255.255.255.240<BR />!<BR />interface Ethernet0/1<BR /> nameif inside<BR /> security-level 100<BR /> ip address 172.16.5.1 255.255.0.0<BR />!<BR />interface Ethernet0/2<BR /> nameif DMZ<BR /> security-level 50<BR /> ip address 192.168.0.1 255.255.255.0<BR />!<BR />interface Ethernet0/3<BR /> shutdown<BR /> no nameif<BR /> no security-level<BR /> no ip address<BR />!<BR />interface Management0/0<BR /> nameif management<BR /> security-level 100<BR /> ip address 192.168.1.1 255.255.255.0<BR /> management-only<BR />!<BR />ftp mode passive<BR />clock timezone EST -5<BR />clock summer-time EDT recurring 1 Sun Apr 2:00 last Sun Oct 2:00<BR />object-group service wwww tcp<BR /> port-object eq www<BR />access-list inside_access_in extended permit icmp any any<BR />access-list inside_access_in extended permit tcp any any<BR />access-list inside_access_in extended permit tcp host 172.16.1.22 eq 8002 any<BR />access-list inside_access_in extended permit tcp host 172.16.1.22 eq domain any<BR />access-list inside_access_in extended permit tcp host 172.16.1.22 eq www any<BR />access-list inside_access_in extended permit tcp host 172.16.1.135 eq https any<BR />access-list inside_access_in extended permit tcp host 172.16.1.135 eq www any<BR />access-list acl_in extended permit icmp any any<BR />access-list acl_out extended permit icmp any any<BR />access-list acl_out extended permit ip host 172.16.1.22 any<BR />access-list acl_out extended permit ip host 172.16.1.43 any<BR />access-list acl_out extended permit ip host 172.16.1.201 any<BR />access-list acl_out extended permit ip host 172.16.1.51 any<BR />access-list acl_out extended permit ip host 172.16.1.52 any<BR />access-list acl_out extended permit ip host 172.16.1.53 any<BR />access-list acl_out extended permit tcp any host 208.39.161.72 eq www<BR />access-list acl_out extended permit ip host 172.16.1.226 any<BR />access-list acl_out extended permit ip host 172.16.1.242 any<BR />access-list acl_out extended permit ip host 172.16.1.1 any<BR />access-list acl_out extended permit ip host 172.16.2.9 any<BR />access-list acl_out extended permit ip host 172.16.1.6 any<BR />access-list acl_out extended permit ip host 172.16.1.8 any<BR />access-list acl_out extended permit ip host 172.16.1.35 any<BR />access-list acl_out extended permit ip host 172.16.1.41 any<BR />access-list acl_out extended permit ip host 172.16.1.230 any<BR />access-list acl_out extended permit ip host 172.16.1.231 any<BR />access-list acl_out extended permit ip host 172.16.1.200 any<BR />access-list acl_out extended permit ip host 172.16.1.48 any<BR />access-list acl_out extended permit ip host 172.16.1.24 any<BR />access-list acl_out extended permit ip host 172.16.1.26 any<BR />access-list acl_out extended permit ip host 172.16.1.250 any<BR />access-list acl_out extended permit ip host 172.16.3.36 any<BR />access-list acl_out extended permit ip host 172.16.4.110 any<BR />access-list acl_out extended permit ip host 172.16.1.240 any<BR />access-list acl_out extended permit ip host 172.16.1.229 any<BR />access-list acl_out extended permit ip host 192.168.0.2 any<BR />access-list acl_out extended permit ip host 172.16.1.241 any<BR />access-list acl_out extended permit ip host 172.16.1.221 any<BR />access-list acl_out extended permit ip host 172.16.1.222 any<BR />access-list acl_out extended permit ip host 172.16.1.223 any<BR />access-list acl_out extended permit ip host 172.16.1.224 any<BR />access-list acl_out extended permit ip host 172.16.1.225 any<BR />access-list acl_out extended permit ip host 172.16.1.227 any<BR />access-list acl_out extended permit ip host 172.16.1.228 any<BR />access-list acl_out extended permit ip host 172.16.1.232 any<BR />access-list acl_out extended permit ip host 172.16.1.233 any<BR />access-list acl_out extended permit ip host 172.16.1.234 any<BR />access-list acl_out extended permit ip host 172.16.1.235 any<BR />access-list acl_out extended permit ip host 172.16.1.243 any<BR />access-list acl_out extended permit ip host 172.16.2.118 any<BR />access-list acl_out extended permit ip host 172.16.1.130 any<BR />access-list acl_out extended permit ip host 172.16.1.131 any<BR />access-list acl_out extended permit ip host 172.16.1.132 any<BR />access-list acl_out extended permit ip host 172.16.1.7 any<BR />access-list acl_out extended permit ip host 172.16.1.202 any<BR />access-list acl_out extended permit ip host 192.168.0.3 any<BR />access-list acl_out extended permit ip host 172.16.2.177 any<BR />access-list acl_out extended permit ip host 172.16.1.253 any<BR />access-list acl_out extended permit ip host 172.16.1.14 any<BR />access-list acl_out extended permit tcp any host 172.16.3.135 eq 5806<BR />access-list acl_out extended permit tcp any host 172.16.1.31 eq ssh<BR />access-list acl_out extended permit ip host 172.16.5.17 any<BR />access-list acl_out extended permit ip host 172.16.5.18 any<BR />access-list acl_out extended permit ip host 172.16.1.135 any<BR />access-list dns extended permit udp any any<BR />access-list dnstcp extended permit tcp any any<BR />access-list dmz_access_in extended permit icmp any any<BR />access-list outside_access_in extended permit tcp any host 208.39.161.73 eq www<BR />access-list outside_acl extended permit tcp any host 208.39.161.70 eq smtp<BR />access-list outside_acl extended permit tcp any host 208.39.161.70 eq pop3<BR />access-list outside_acl extended permit tcp any host 208.39.161.70 eq imap4<BR />access-list outside_acl extended permit tcp any host 208.39.161.70 eq 444<BR />access-list outside_acl extended permit icmp any any<BR />access-list outside_acl extended permit tcp any host 208.39.161.70 eq www<BR />access-list outside_acl extended permit tcp any host 208.39.161.70 eq ssh<BR />access-list outside_acl extended permit tcp any host 208.39.161.67 eq 3389<BR />access-list outside_acl extended permit tcp any host 208.39.161.70 eq irc<BR />access-list outside_acl extended permit tcp any host 208.39.161.72 eq www<BR />access-list outside_acl extended permit tcp any host 208.39.161.74 eq www<BR />access-list outside_acl extended permit tcp any host 208.39.161.74 eq 3389<BR />access-list outside_acl extended permit tcp any host 208.39.161.74 eq 8080<BR />access-list outside_acl extended permit tcp any host 208.39.161.74 eq 1755<BR />access-list outside_acl extended permit tcp any host 208.39.161.73 eq 3101<BR />access-list outside_acl extended permit tcp any host 208.39.161.73 eq www<BR />access-list outside_acl extended permit tcp any host 208.39.161.67 eq www<BR />access-list outside_acl extended permit tcp any host 208.39.161.68 eq smtp<BR />access-list outside_acl extended permit tcp any host 208.39.161.68 eq www<BR />access-list outside_acl extended permit tcp any host 208.39.161.76 eq 3389<BR />access-list outside_acl extended permit tcp any host 208.39.161.76 eq 407<BR />access-list outside_acl extended permit tcp any host 208.39.161.76 eq 1417<BR />access-list outside_acl extended permit tcp any host 208.39.161.76 eq 1418<BR />access-list outside_acl extended permit tcp any host 208.39.161.76 eq 1419<BR />access-list outside_acl extended permit tcp any host 208.39.161.76 eq 1420<BR />access-list outside_acl extended permit udp any host 208.39.161.76 eq 1417<BR />access-list outside_acl extended permit udp any host 208.39.161.76 eq 1418<BR />access-list outside_acl extended permit udp any host 208.39.161.76 eq 1419<BR />access-list outside_acl extended permit udp any host 208.39.161.76 eq 1420<BR />access-list outside_acl extended permit udp any host 208.39.161.76 eq 407<BR />access-list outside_acl extended permit tcp any host 208.39.161.76 eq https<BR />access-list outside_acl extended permit tcp any host 208.39.161.76 eq www<BR />access-list outside_acl extended permit tcp any host 208.39.161.76 eq 7880<BR />access-list outside_acl extended permit tcp any host 208.39.161.76 eq smtp<BR />access-list outside_acl extended permit tcp any host 208.39.161.76 eq 8080<BR />access-list outside_acl extended permit udp any host 208.39.161.76 eq 8080<BR />access-list outside_acl extended permit udp any host 208.39.161.72 eq 444<BR />access-list outside_acl extended permit tcp any host 208.39.161.72 eq 444<BR />access-list outside_acl extended permit tcp any host 208.39.161.76 eq 444<BR />access-list outside_acl extended permit udp any host 208.39.161.76 eq 444<BR />access-list outside_acl extended permit tcp any host 208.39.161.76 eq 4125<BR />access-list outside_acl extended permit udp any host 208.39.161.76 eq 4125<BR />access-list outside_acl extended permit tcp any host 208.39.161.70 eq 3389<BR />access-list outside_acl extended permit tcp any host 208.39.161.70 eq https<BR />access-list outside_acl extended permit udp any host 208.39.161.72 eq www<BR />access-list outside_acl extended permit udp any host 208.39.161.70 eq 443<BR />access-list outside_acl extended permit tcp any host 208.39.161.66 eq https<BR />access-list outside_acl extended permit udp any host 208.39.161.66 eq 443<BR />access-list outside_acl extended permit tcp any host 208.39.161.75 eq smtp<BR />access-list outside_acl extended permit udp any host 208.39.161.75 eq 25<BR />access-list outside_acl extended permit tcp any host 208.39.161.66 eq smtp<BR />access-list outside_acl extended permit tcp any host 208.39.161.68 eq https<BR />access-list outside_acl extended permit tcp any host 208.39.161.70 eq 81<BR />access-list outside_acl extended permit tcp any host 208.39.161.70 eq 6891<BR />access-list outside_acl extended permit tcp any host 208.39.161.67 eq 5641<BR />access-list outside_acl extended permit udp any host 208.39.161.67 eq 5641<BR />access-list outside_acl extended permit tcp any host 208.39.161.76 eq 4550<BR />access-list outside_acl extended permit tcp any host 208.39.161.76 eq 5550<BR />access-list outside_acl extended permit tcp any host 208.39.161.74 eq 2512<BR />access-list outside_acl extended permit tcp any host 208.39.161.74 eq 2513<BR />access-list outside_acl extended permit tcp any host 208.39.161.72 eq 1701<BR />access-list outside_acl extended permit tcp any host 208.39.161.74 eq 1701<BR />access-list outside_acl extended permit tcp any host 208.39.161.74 eq 1702<BR />access-list outside_acl extended permit tcp any host 208.39.161.76 eq 1702<BR />access-list outside_acl extended permit tcp any host 208.39.161.76 eq 1701<BR />access-list outside_acl extended permit tcp any host 208.39.161.67 eq 210<BR />access-list outside_acl extended permit tcp any host 208.39.161.67 eq 7090<BR />access-list outside_acl extended permit tcp any host 208.39.161.67 eq 5151<BR />access-list outside_acl extended permit tcp any host 208.39.161.68 eq 210<BR />access-list outside_acl extended permit tcp any host 208.39.161.68 eq 7090<BR />access-list outside_acl extended permit tcp any host 208.39.161.68 eq 5151<BR />access-list outside_acl extended permit tcp any host 208.39.161.68 eq h323<BR />access-list outside_acl extended permit tcp any host 208.39.161.68 eq 555<BR />access-list outside_acl extended permit tcp any host 208.39.161.68 eq 556<BR />access-list outside_acl extended permit tcp any host 208.39.161.68 eq 1718<BR />access-list outside_acl extended permit udp any host 208.39.161.68 eq 1719<BR />access-list outside_acl extended permit tcp any host 208.39.161.71 eq https<BR />access-list outside_acl extended permit tcp any host 208.39.161.69 eq smtp<BR />access-list outside_acl extended permit tcp any host 208.39.161.69 eq pop3<BR />access-list outside_acl extended permit tcp any host 208.39.161.69 eq imap4<BR />access-list outside_acl extended permit tcp any host 208.39.161.69 eq www<BR />access-list outside_acl extended permit tcp any host 208.39.161.69 eq citrix-ica</P><P></P><P>access-list outside_acl extended permit tcp any host 208.39.161.69 eq 1604<BR />access-list outside_acl extended permit tcp any host 208.39.161.69 eq 1023<BR />access-list outside_acl extended permit tcp any host 208.39.161.69 eq 1431<BR />access-list outside_acl extended permit tcp any host 208.39.161.69 eq 8081<BR />access-list outside_acl extended permit tcp any host 208.39.161.66 eq ftp<BR />access-list outside_acl extended permit tcp any host 208.39.161.75 eq ftp<BR />access-list outside_acl extended permit tcp any host 208.39.161.66 eq ftp-data<BR />access-list outside_acl extended permit tcp any host 172.17.1.103 eq smtp<BR />access-list outside_acl extended permit tcp any host 172.17.1.103 eq imap4<BR />access-list outside_acl extended permit tcp any host 208.39.161.75 eq 4125<BR />access-list outside_acl extended permit tcp any host 208.39.161.65 eq 4125<BR />access-list outside_acl extended permit udp any host 208.39.161.65 eq 4125<BR />access-list outside_acl extended permit udp any host 208.39.161.66 eq 4125<BR />access-list outside_acl extended permit tcp any host 208.39.161.66 eq 4125<BR />access-list outside_acl extended permit tcp any host 208.39.161.66 eq 3389<BR />access-list outside_acl extended permit tcp any host 208.39.161.65 eq 3389<BR />access-list outside_acl extended permit tcp any host 208.39.161.75 eq 3389<BR />access-list outside_acl extended permit tcp any host 208.39.161.75 eq 5806<BR />access-list outside_acl extended permit tcp any host 208.39.161.65 eq 5806<BR />access-list outside_acl extended permit udp any host 208.39.161.65 eq 5806<BR />access-list outside_acl extended permit udp any host 208.39.161.75 eq 5806<BR />access-list outside_acl extended permit tcp any host 208.39.161.71 eq ssh<BR />pager lines 24<BR />logging enable<BR />logging list high-priority level errors<BR />logging asdm informational<BR /><SPAN>logging from-address </SPAN><A class="jive-link-email-small" href="mailto:administrator@bordentown.k12.nj.us" target="_blank">administrator@bordentown.k12.nj.us</A><BR /><SPAN>logging recipient-address </SPAN><A class="jive-link-email-small" href="mailto:administrator@bordentown.k12.nj.us" target="_blank">administrator@bordentown.k12.nj.us</A><SPAN> level errors</SPAN><BR />mtu outside 1500<BR />mtu inside 1500<BR />mtu DMZ 1500<BR />mtu management 1500<BR />no failover<BR />asdm image disk0:/asdm-508.bin<BR />asdm history enable<BR />arp timeout 14400<BR />nat-control<BR />global (outside) 1 interface<BR />global (outside) 2 208.39.161.73 netmask 255.255.255.255<BR />nat (inside) 3 172.16.1.7 255.255.255.255<BR />nat (inside) 1 172.16.0.0 255.255.0.0<BR />nat (inside) 1 172.17.0.0 255.255.0.0<BR />nat (DMZ) 1 192.168.0.0 255.255.255.0<BR />static (inside,outside) 208.39.161.74 172.16.1.26 netmask 255.255.255.255<BR />static (inside,outside) 208.39.161.75 172.16.1.43 netmask 255.255.255.255<BR />static (inside,outside) 208.39.161.67 172.16.1.201 netmask 255.255.255.255<BR />static (inside,outside) 208.39.161.72 172.16.1.22 netmask 255.255.255.255<BR />static (inside,outside) 208.39.161.69 172.16.1.200 netmask 255.255.255.255<BR />static (inside,outside) 208.39.161.76 172.16.1.242 netmask 255.255.255.255<BR />static (inside,outside) 208.39.161.70 172.16.1.6 netmask 255.255.255.255<BR />static (inside,outside) 208.39.161.73 172.16.1.8 netmask 255.255.255.255<BR />static (inside,outside) 208.39.161.68 172.16.1.35 netmask 255.255.255.255<BR />static (inside,outside) 208.39.161.71 172.16.1.31 netmask 255.255.255.255<BR />access-group outside_acl in interface outside<BR />route outside 0.0.0.0 0.0.0.0 208.39.161.66 1<BR />route inside 172.30.0.0 255.255.0.0 172.16.6.1 1<BR />route inside 172.17.0.0 255.255.0.0 172.16.6.1 1<BR />timeout xlate 3:00:00<BR />timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02<BR />timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00<BR />timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00<BR />timeout uauth 0:05:00 absolute<BR />aaa-server TACACS+ protocol tacacs+<BR />aaa-server RADIUS protocol radius<BR />aaa authentication ssh console LOCAL<BR />http server enable<BR />http 0.0.0.0 0.0.0.0 inside<BR />no snmp-server location<BR />no snmp-server contact<BR />snmp-server community public<BR />snmp-server enable traps snmp authentication linkup linkdown coldstart<BR />crypto ipsec security-association lifetime seconds 28800<BR />crypto ipsec security-association lifetime kilobytes 4608000<BR />telnet 208.39.161.65 255.255.255.255 inside<BR />telnet 208.39.161.64 255.255.255.252 inside<BR />telnet 172.16.0.0 255.255.0.0 inside<BR />telnet 208.39.161.65 255.255.255.255 DMZ<BR />telnet 208.39.161.64 255.255.255.252 DMZ<BR />telnet timeout 30<BR />ssh 63.214.17.0 255.255.255.0 outside<BR />ssh 68.44.187.221 255.255.255.255 outside<BR />ssh 65.217.171.0 255.255.255.0 outside<BR />ssh 68.81.65.0 255.255.255.0 outside<BR />ssh timeout 45<BR />console timeout 0<BR />!<BR />class-map inspection_default<BR /> match default-inspection-traffic<BR />!<BR />!<BR />policy-map global_policy<BR /> class inspection_default<BR />&nbsp; inspect rsh<BR />&nbsp; inspect rtsp<BR />&nbsp; inspect sunrpc<BR />&nbsp; inspect xdmcp<BR />&nbsp; inspect netbios<BR />&nbsp; inspect tftp<BR />&nbsp; inspect http<BR />&nbsp; inspect ils<BR />&nbsp; inspect ftp<BR />!<BR />service-policy global_policy global<BR />smtp-server 172.16.1.6<BR />Cryptochecksum:65bcb0e163783400f6c65c2b8a780d0f<BR />: end</P><P></P><P></P><P>Any help would be appreciated.&nbsp; Thank you!</P> Mon, 11 Mar 2019 20:10:40 GMT https://community.cisco.com/t5/network-security/cisco-asa-5510-cannot-connect-to-site-through-appliance/m-p/1646017#M559331 dancumming 2019-03-11T20:10:40Z https://community.cisco.com/t5/network-security/cisco-asa-5510-cannot-connect-to-site-through-appliance/m-p/1646018#M559336 <HTML><HEAD></HEAD><BODY><P>Is Ricoh expecting a specific public IP Address? or they are accepting any public IP Addresses?</P><P></P><P>I can see that you have configured static NAT translation for the appliance:</P><P>static (inside,outside) 208.39.161.68 172.16.1.35 netmask 255.255.255.255</P><P></P><P>However, it still uses the dynamic translation to 208.39.161.66. Can you please advise if you have clear the translation after making changes to the static NAT statement? If you haven't, try to clear: <STRONG>clear local 172.16.1.35</STRONG></P><P></P><P>Is the connection outbound or inbound?</P><P></P><P>The syslog messages look OK. It gets tear down because it didn't seem to get any replies back.</P></BODY></HTML> Wed, 23 Mar 2011 04:38:25 GMT https://community.cisco.com/t5/network-security/cisco-asa-5510-cannot-connect-to-site-through-appliance/m-p/1646018#M559336 Jennifer Halim 2011-03-23T04:38:25Z https://community.cisco.com/t5/network-security/cisco-asa-5510-cannot-connect-to-site-through-appliance/m-p/1646019#M559339 <HTML><HEAD></HEAD><BODY><P>Ricoh accepting all public IP addresses.&nbsp; I apologize, I made a typo in my original post.&nbsp; The IP address of the Ricoh appliance is 172.16.1.135.</P></BODY></HTML> Wed, 23 Mar 2011 12:13:54 GMT https://community.cisco.com/t5/network-security/cisco-asa-5510-cannot-connect-to-site-through-appliance/m-p/1646019#M559339 dancumming 2011-03-23T12:13:54Z https://community.cisco.com/t5/network-security/cisco-asa-5510-cannot-connect-to-site-through-appliance/m-p/1646020#M559340 <HTML><HEAD></HEAD><BODY><P>OK, then it is correct.</P><P></P><P>Doesn't seem to be your ASA configuration issue.</P><P></P><P>I can't access the site too, so seems like Ricoh's issue.</P></BODY></HTML> Wed, 23 Mar 2011 12:44:20 GMT https://community.cisco.com/t5/network-security/cisco-asa-5510-cannot-connect-to-site-through-appliance/m-p/1646020#M559340 Jennifer Halim 2011-03-23T12:44:20Z https://community.cisco.com/t5/network-security/cisco-asa-5510-cannot-connect-to-site-through-appliance/m-p/3359911#M559343 <P>You will want to remove the post containing your un-scrubbed config that contains your Internet IPs as well as your enable password</P> Tue, 03 Apr 2018 19:52:53 GMT https://community.cisco.com/t5/network-security/cisco-asa-5510-cannot-connect-to-site-through-appliance/m-p/3359911#M559343 eisenberg 2018-04-03T19:52:53Z