Session resets on webserver connected to ASA 5515-X
Hi All, I have a firewall (Cisco ASA 5520) running, acting as the Internet edge with interfaces going to the DMZ, the Internet and the LAN. I have been able to copy/translate the config from the 5520 to the 5515-X; LAN users can get to the Internet, but sessions going from a LAN browser to the DMZ webserver get reset, and access to the webserver isn't possible from the Internet either. Here is a capture of the activity done on the 5515-X box.
Does anyone have an idea why the reset is coming from the webserver? Because it appears that the 5515-X is passing traffic normally.
DMZ webserver public IP address: 22.214.171.124.80
The attached capture is a session from the firewall showing my attempts to reach the webserver from the Internet. Strangely, LAN users cannot reach the webserver from their web browser either.
This way the capture could be opened with Wireshark, for example, for easier reading.
At a quick glance it would seem that the server resets the TCP connection, though at the start we can see that the TCP handshake goes all the way through.
The situation with the LAN users depends on a few things. As I already mentioned, I am not sure if the server is directly configured with the public IP address or if only NAT is performed on the ASA towards the external network.
If I were to presume that the server has a local/private IP address, then the question would be what IP address the users are using to attempt the connection. Or are they perhaps using a DNS name? If they are using a DNS name, what is the IP address they are getting in the DNS reply? If it's the local IP address, then it should be enough that you allow traffic from the LAN to the DMZ. If the returned IP address is the public NAT IP address, then you would either have to configure the public NAT from the DMZ towards the LAN or perhaps do some DNS-related modifications if you have a local DNS server (so it points the name to the local IP address).
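The two options named in the reply above (DNS reply modification on the existing static NAT, or a NAT rule between the inside and DMZ interfaces for the public address), written out as an added example in ASA 8.3+ NAT syntax. This is not configuration from the original post: the real DMZ server address 192.168.10.10, the LAN subnet 10.0.0.0/24, the interface names inside/DMZ/outside, the ACL name and the object names are all assumptions; only the public address 22.214.171.124 is taken from the thread.

```cisco
! Objects. The real server address and the LAN subnet are assumed values;
! the public address is the one given in the post.
object network DMZ-WEB-REAL
 host 192.168.10.10
object network DMZ-WEB-PUBLIC
 host 22.214.171.124
object network LAN-NET
 subnet 10.0.0.0 255.255.255.0

! Option A: DNS doctoring. Keep the existing static NAT towards the Internet and add
! the dns keyword. An A record of 22.214.171.124 in a DNS reply that crosses the ASA
! is then rewritten to 192.168.10.10 before it reaches the LAN client, so the client
! connects straight to the DMZ address.
object network DMZ-WEB-REAL
 nat (DMZ,outside) static DMZ-WEB-PUBLIC dns

! Option B: also translate the public address between inside and DMZ (twice NAT), so a
! LAN client that connects to 22.214.171.124 is delivered to the real server address.
! Section-1 (manual) NAT rules are evaluated before the object NAT above.
nat (inside,DMZ) source static LAN-NET LAN-NET destination static DMZ-WEB-PUBLIC DMZ-WEB-REAL

! Either way the access policy has to permit LAN -> DMZ on tcp/80. On 8.3+ the ACL
! references the real (untranslated) server address, not the public one.
access-list INSIDE_IN extended permit tcp object LAN-NET object DMZ-WEB-REAL eq www
access-group INSIDE_IN in interface inside

! Verification: simulate a LAN client (10.0.0.50 is assumed) hitting the public address,
! then confirm the translation that was built.
packet-tracer input inside tcp 10.0.0.50 40000 22.214.171.124 80
show nat
show xlate

! Capture on the DMZ side of the firewall to see whether the RST really originates
! from the server rather than from the ASA.
capture DMZCAP interface DMZ match tcp any host 192.168.10.10 eq 80
show capture DMZCAP
```

Choose one of the two options rather than both; they solve the same problem from different sides. Neither of them explains the reset seen in the attached capture: if the three-way handshake completes and the RST then arrives from the server's address, packet-tracer will show ALLOW and the capture on the DMZ interface will show the RST leaving the server itself, so the next place to look is the server (its listener, host firewall and default gateway), not the ASA's NAT or ACLs.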