ASA5550 TCP connection denied

mohdghafoor
Level 1

cisco ASA5550 Inbound TCP connection denied from 172.XX.XXX.2/3314 to 172.16.XX.XX/XXX flags SYN  on interface inside

2 Replies

davebornack
Level 1

Can you post a config, or at least the ACLs that you have for either of those networks?

You may need to enable logging on those particular ACLs in order for me/us to figure out why these are being denied.  

See this about turning logging on. It will give your logs more information, including which ACL is denying these packets.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/acl_logging.pdf

Marvin Rhoads
Hall of Fame

Are both the source and destination address downstream from your inside interface? If so, you need to have "same-security-traffic" enabled in your configuration. Reference
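
To check the question in the last reply against the logs, the following added example (not code from the thread or from Cisco) parses the deny message quoted in the original post and flags entries whose source and destination both sit behind the interface the packet arrived on. The network list, the sample log lines and the function names are constructed assumptions.

```python
import ipaddress
import re

# Text of the deny message quoted in the original post; addresses, ports and flags vary.
DENY_RE = re.compile(
    r"Inbound TCP connection denied from (?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+)/(?P<dport>\d+) flags (?P<flags>[A-Z ]+?)\s+"
    r"on interface (?P<ifc>\S+)"
)

# Assumption: networks routed behind each ASA interface (constructed values).
BEHIND = {
    "inside": [ipaddress.ip_network(n) for n in ("172.16.0.0/16", "172.20.0.0/16")],
}

# Constructed sample log lines, not taken from the thread.
SAMPLE = [
    "%ASA-2-106001: Inbound TCP connection denied from 172.20.5.2/3314 to 172.16.9.10/443 flags SYN  on interface inside",
    "%ASA-2-106001: Inbound TCP connection denied from 172.20.5.2/3315 to 198.51.100.9/443 flags SYN  on interface inside",
    "%ASA-2-106001: Inbound TCP connection denied from 192.0.2.7/40112 to 172.16.9.10/22 flags SYN  on interface outside",
    "unrelated log line",
]

def is_behind(ifc, addr):
    """True if addr falls in a network listed as routed behind interface ifc."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in BEHIND.get(ifc, ()))

def classify(line):
    """Parse one deny line; return its fields plus an intra_interface flag, or None."""
    m = DENY_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["intra_interface"] = (
        is_behind(rec["ifc"], rec["src"]) and is_behind(rec["ifc"], rec["dst"])
    )
    return rec

def intra_interface_denies(lines):
    """Return (src, dst, dport) for denies that enter and would leave via the same interface."""
    hits = []
    for line in lines:
        rec = classify(line)
        if rec and rec["intra_interface"]:
            hits.append((rec["src"], rec["dst"], rec["dport"]))
    return hits

if __name__ == "__main__":
    for hit in intra_interface_denies(SAMPLE):
        print("source and destination both behind ingress interface:", hit)
```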
