ASA 5505 Closing Connection / NAT Issue?

joe · ‎06-25-2012

Hi,

I'm trying to get an asa5505 set up so that our web server can send an LDAPS login to a client's server and receive the request back. The default IP our traffic goes out on is different than where I want the connection to come back in on. So, I set a NAT rule to send all traffic from a specific inside IP out a default outside IP. I also allowed LDAPS traffic from the client's server IP address in and have nat'd it back to the appropriate inside IP address. It seems to build the outbound connection fine, but then seems to drop it right away, which then seems to not allow the response back in. I've attached a picture of the log, with (what I think are) the lines in question highlighted. I'm far from a routing expert, but this seemed like a fairly easy setup. Anyone have any idea what may be causing this? Also, please let me know if additional info is needed. I'm happy to provide anything. Thanks!

Jouni Forss · ‎06-27-2012

Hi,

Regarding the log you attached.

To me the log basically tells that a host on your inside network formed a TCP connection to the Internet which it then resetted immediatly. (For whatever reason)

The log messages following that are probably the host on the Internet trying sending acknowledgement messages for some sent data (ACK) and also closing the TCP Connection (FIN ACK)

And the reason the Deny messages look abit different is because the ASA has already torn down those connections and therefore states that there are no active connections on the ASA that corresponds to the arriving packets so it drops them.

In other words, the remote Internet host is still sending packets related to the connection that the inside host already closed and which the ASA already tore down.

Would it be possible to see the actual configurations on the firewall?

- Jouni