09-09-2019 06:41 AM - edited 02-21-2020 09:28 AM
Hi everyone, I hope someone can help me out here. I have an IPSec tunnel set up between a Palo Alto and Cisco ASA. The tunnel is up and running and is passing LAN/WAN traffic.
So far so good.
On Thursday, the users on site were migrated to Office 365 and are today being prompted to activate their licence. The Cisco ASA is on the users site. The problem I'm having is that when they click on 'Activate' in Outlook, nothing happens. When they try to sign in to their account, it times out and says there are server issues.
I'd like some help in setting up an ACL as I think that's what I need. Happy to be corrected! :-)
Besides the ACL, is there anything else I'd need to get this working?
Many thanks in advance.
Solved! Go to Solution.
09-09-2019 07:09 PM
09-09-2019 07:09 PM
09-10-2019 04:20 AM
Hi Francesco
Thank you, that worked. For now, I've used 'any' but will lock this down once I have the list of subnets from Microsoft.
One other thing that's popped up today. Management networks on 10.0.0.0/8 cannot browse to 10.76.9.161, I get the 'Windows cannot access' message. Server and permissions have been checked and verified.
The ASA logs shows the following:
6|Sep 10 2019 12:06:20|302013: Built inbound TCP connection 1909631 for Outside:10.123.6.60/50252 (10.123.6.60/50252) to DATA:10.76.9.161/445 (10.76.9.161/445)
6|Sep 10 2019 12:06:20|302014: Teardown TCP connection 1909631 for Outside:10.123.6.60/50252 to DATA:10.76.9.161/445 duration 0:00:00 bytes 3228 TCP Reset-O
Would anyone know what the TCP Reset-O means please?
09-16-2019 09:47 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide