https://community.cisco.com/t5/network-security/inspection-question/m-p/1022836#M918703 <HTML><HEAD></HEAD><BODY><P>Ahh Ok, Good to know the issue is solved now <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Mon, 09 Jun 2008 20:28:18 GMT Farrukh Haroon 2008-06-09T20:28:18Z https://community.cisco.com/t5/network-security/inspection-question/m-p/1022833#M918700 <P>Hello,</P><P></P><P>We have recently migrated from an IPTABLES based (among other things) for NAT and firewalling to an ASA 5510.</P><P></P><P>While the transition has been smooth there is an issue that has risen.</P><P></P><P>Some of the network people had in the past through IPTABLES NAT access to anything. In particular they use once in a while BGPPLAY (a java app) to view routes and BGP info. There was no problem when they use IPTABLES but now if they use the ASA as a NAT firewall, the java applet will fail to established a connection.</P><P></P><P>NAT access for BGPLAY is open as it was before and I did assume that it will behave as before, obviusly it does not.</P><P></P><P>The first connection is to port 80, but the second is from the next port to 21174.</P><P></P><P>This is not a related connection but a new one, works thorugh IPTABLES but not through the ASA.</P><P></P><P>Anyone has seen this behavior?</P><P></P><P>Thanks,</P><P></P><P>Miguel.</P> Mon, 11 Mar 2019 12:57:01 GMT https://community.cisco.com/t5/network-security/inspection-question/m-p/1022833#M918700 alasinc 2019-03-11T12:57:01Z https://community.cisco.com/t5/network-security/inspection-question/m-p/1022834#M918701 <HTML><HEAD></HEAD><BODY><P>Why don't you allow this connection by using an ACL? Is this new connection from the Client &gt;&gt; BGPPLAY Server or in the opposite direction. In the Client &gt;&gt; BGPPLAY Server direction it should be permitted as all higher &gt;&gt; lower security traffic is permitted by default. You can also use the 'established' command but this is not recommended due to security reasons.</P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Mon, 09 Jun 2008 19:19:08 GMT https://community.cisco.com/t5/network-security/inspection-question/m-p/1022834#M918701 Farrukh Haroon 2008-06-09T19:19:08Z https://community.cisco.com/t5/network-security/inspection-question/m-p/1022835#M918702 <HTML><HEAD></HEAD><BODY><P>Found the problem, it was not related to the ASA per say but an ancient access-list on an edge router that was not allowing traffic on the new network we were using.</P><P></P><P>Miguel.</P></BODY></HTML> Mon, 09 Jun 2008 20:12:32 GMT https://community.cisco.com/t5/network-security/inspection-question/m-p/1022835#M918702 alasinc 2008-06-09T20:12:32Z https://community.cisco.com/t5/network-security/inspection-question/m-p/1022836#M918703 <HTML><HEAD></HEAD><BODY><P>Ahh Ok, Good to know the issue is solved now <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Mon, 09 Jun 2008 20:28:18 GMT https://community.cisco.com/t5/network-security/inspection-question/m-p/1022836#M918703 Farrukh Haroon 2008-06-09T20:28:18Z