10-20-2014 07:07 AM - edited 03-11-2019 09:57 PM
Cisco ASA5550 Inbound TCP connection denied from 172.XX.XXX.2/3314 to 172.16.XX.XX/XXX flags SYN on interface inside
10-20-2014 01:45 PM
Can you post a config, or at least the ACLs that you have for either of those networks?
You may need to enable logging on those particular ACLs in order for me/us to figure out why these are being denied.
See this about turning logging on. It will give your logs more information, including which ACL is denying these packets.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/acl_logging.pdf
10-20-2014 03:53 PM
Are both the source and destination address downstream from your inside interface? If so, you need to have "same-security-traffic" enabled in your configuration. Reference
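Added example, not part of the thread or of any Cisco tooling: a small triage script that parses deny messages of the shape quoted in the question and reports whether the destination is routed back out the interface the packet arrived on, which is the case the last reply asks about. The route table, the function names and the sample log lines are constructed assumptions.

```python
import ipaddress
import re

# Constructed routing view (assumption): networks reached through each ASA interface.
ROUTES = {
    "inside": ["172.16.0.0/16", "172.20.0.0/16"],
    "dmz": ["192.168.50.0/24"],
}

# Shape of the deny message quoted in the question.
DENY_RE = re.compile(
    r"Inbound TCP connection denied from (?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+)/(?P<dport>\d+) flags (?P<flags>.+?) "
    r"on interface (?P<ifc>\S+)"
)

def egress_interface(ip, routes=ROUTES):
    """Longest-prefix match of ip against the route table; None if no route."""
    addr = ipaddress.ip_address(ip)
    best = None
    for ifc, nets in routes.items():
        for net in map(ipaddress.ip_network, nets):
            if addr in net and (best is None or net.prefixlen > best[1]):
                best = (ifc, net.prefixlen)
    return best[0] if best else None

def classify(line, routes=ROUTES):
    """Return parsed fields plus a verdict, or None if the line is not a deny."""
    m = DENY_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    out_ifc = egress_interface(rec["dst"], routes)
    if out_ifc is None:
        rec["verdict"] = "no-route"   # destination not in the table
    elif out_ifc == rec["ifc"]:
        rec["verdict"] = "hairpin"    # enters and leaves the same interface
    else:
        rec["verdict"] = "transit"    # crosses interfaces: review ACL/NAT
    return rec

# Constructed sample log lines (not from the thread).
SAMPLES = [
    "%ASA-2-106001: Inbound TCP connection denied from 172.20.10.2/3314 to 172.16.5.9/8080 flags SYN on interface inside",
    "%ASA-2-106001: Inbound TCP connection denied from 172.20.10.2/3320 to 192.168.50.7/443 flags SYN on interface inside",
    "%ASA-5-111008: User 'admin' executed the 'show run' command.",
]
```

A `hairpin` verdict points at the `same-security-traffic permit intra-interface` setting; a `transit` verdict points back at the ACLs and their logging.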