ASA 5510 Syn attacks

Highnet_TSC
Level 1

ASA Firewall Dashboard caprute..JPG                  

Hi All

Could anyone assist me with the above issue? I had already created a discussion and was helped by one of the community, but could not resolve the issue.

I have attached a link regarding the troubleshooting carried out with JouniForss, but I could not resolve the fault:

https://supportforums.cisco.com/thread/2245710  (previously created discussion)

I have even rolled the ASA config back to an earlier version which was allowing access to the partner's site 62.233.82.181 on port 80, and now it does not. If anyone has come across this issue and has resolved it, could you please let me know.

Kind Regards.

15 Replies

Julio Carvajal
VIP Alumni

Hello Duncan,

Okay, you have provided us information (a screenshot even), but what is the problem exactly?

Do you want to prevent DoS attacks? What are you looking for at this moment?

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi Julio

The problem is that our network connected to the ASA router on the inside, address range 192.168.254.0/24, cannot reach our partner's site at 62.233.82.181 on port 80, connected on the outside.

This seems to be the only website that we cannot access; everything else that is going through our ASA firewall is returning, and this includes all other websites we visit.

What I would like to do is be able to set up an access rule or policy to resolve this. As you can see from the screenshot, there is some sort of SYN attack.

As I mentioned above, we rolled back to an earlier config that was allowing us access to the partner's website, but for some reason it does not any more.

Regards

Hello Duncan,

I now understand your issue,

Can you post or send me the configuration with the problem?

Regards,

Jcarvaja

follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

I see how the ASA is reporting this, and actually it could be related to the source not being able to receive a reply back from the destination, thus reporting a SYN attack because all we see are SYN, SYN, SYN, SYN, SYN sent by the source 192.168.254.X address.

What I would ask of you would be the following:

I know that the packet tracer already indicates that it allows it through, but we need to look at the phases that it is going through, so please post the output.

I also need the output from a working network to the remote site. The reason I need this information is to confirm that they are going out via the same IP and to confirm whether there are any differences.

Value our effort and rate the assistance!

I mean a packet-tracer from the working network that resides behind the ASA.


Do you still need assistance, did any of the information given help you out?


Please update the ticket as resolved or answered so we can close out followup.


Hi Jumora

I have tried everything that I can think of to rectify it: access control lists, creating class-maps and policy-maps to include embryonic connections, turning off basic threat detection. I have even connected straight into the ASA inside port that the network connects to and still cannot open or reach the partner's site, but I can reach any other website on the network. I have also connected into the router which is the next hop after the ASA onto the internet, and yes, that does allow me to reach the partner's site and open it in my web browser. So I am at a loss in trying to resolve this.

If you have any other suggestions, Jumora, I would be glad to hear them and try to put them into action if possible, as this is a working network and downtime is hard to arrange right away.

Kind Regards.
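The commands below are an added example for readers of this thread, not something either participant posted. They are a minimal ASA check list for the "SYN-only" symptom Jumora describes (SYNs leaving, nothing coming back), collected in the order the replies above ask for: packet-tracer phases, a comparison with a working subnet, and a look at what the firewall is actually doing with the flow. The inside host 192.168.254.10, source port 40000, the capture name cap_out, and the class-map and access-list names are placeholders assumed for illustration, not values from Duncan's configuration. The last section shows the embryonic-connection limit Duncan mentions in the form the Modular Policy Framework takes it, so what that setting can and cannot do is visible next to the diagnostics.

```text
! 1. Does the ASA itself pass the flow? Run once from the broken subnet and
!    once (Jumora's request) from a subnet that works, then compare the NAT
!    phase: both should egress through the same PAT address. Placeholder host
!    and source port.
packet-tracer input inside tcp 192.168.254.10 40000 62.233.82.181 80 detailed

! 2. Is the SYN leaving the outside interface, and does anything come back?
!    Start the capture, browse to the partner site from inside, then read it.
capture cap_out interface outside match tcp any host 62.233.82.181 eq 80
show capture cap_out
! Only "S" (SYN) packets from the PAT address and no "S." (SYN/ACK) replies
! points at the egress or return path, not at an attack from the inside.
! Remove the capture when finished:
no capture cap_out

! 3. Half-open connections list with flags "saA": SYN seen from the inside,
!    still awaiting the SYN/ACK from the outside. These are the embryonic
!    connections that basic threat detection is counting.
show conn address 62.233.82.181 port 80
show asp drop

! 4. Basic threat detection only reports rates in syslog; it never drops
!    traffic, so disabling it cannot change reachability. Only scanning-threat
!    shun drops, so check whether any inside host has actually been shunned.
show threat-detection rate
show threat-detection shun

! 5. Per-client embryonic limit on the global policy, the kind of setting
!    Duncan tried. It caps half-open connections per inside host (useful
!    against a real SYN flood from inside); it does not make a destination
!    that is not answering start to answer. Limits here are illustrative.
access-list partner-http extended permit tcp 192.168.254.0 255.255.255.0 host 62.233.82.181 eq www
class-map partner-http
 match access-list partner-http
policy-map global_policy
 class partner-http
  set connection embryonic-conn-max 200 per-client-embryonic-max 20
```

The capture in step 2 is the decisive check for this thread: if SYNs for 62.233.82.181 are seen on the outside interface with the expected PAT address and no SYN/ACK ever returns, the ASA is forwarding the traffic and the fault lies on the path beyond it or with how the remote side treats that source address, which is what Jumora's later question about which address the PC used in front of the ASA is probing.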

OK, when you put the PC in front of the ASA, what IP address do you give it? The reason I want to know this is that if it is any address other than the IP address that we have for PAT on the ASA, and it is one of the addresses on the WAN side of the ASA, I will change the PAT to it just to see if, after we make this change, you can reach the site.


Hi Jumora

The IP address I give it is a private IP address. The strange thing is that I can reach all other sites while plugged into the inside of the ASA firewall; however, I cannot reach http://partners.highnet.com/login/ (IP address 62.233.82.181). I cannot figure this one out.

Regards

OK, we can do two things here. One, open a TAC case if you have a contract and I can help you out. Two, you would need to send me the configuration and tell me what IP address you placed on the PC when it was able to reach the site while it was not behind the ASA, so we can try to map that address to a PAT and see whether internal users are then able to reach the site.


Hi Jumora

Thanks for the details. We are now looking at setting up a SmartNet account for our ASA routers and will progress from there.

Thanks very much for your time and effort, much appreciated.

We can close this post.

Kind Regards
