
ASA 5510 9.1.5 Cannot access Web Server from external SYN timeout

Chris Hott
Level 1

We recently upgraded our ASA from 8.2.5 to 9.1.5.

Since that upgrade, all of our features except our NAT are working correctly.

We have a 62.67.81.x / 255.255.255.240 subnet.

We have several web servers behind the firewall and we can't access any of them from the internet.

We've followed the guides for setting up new NAT with ver 9.1.5, and the packet tracer works, but watching the logging, it would appear that the TCP 3-way handshake is timing out.

Any suggestions or thoughts?

joseoroz
Cisco Employee

Hello Chris,

Have you set up captures on the internal interface?

https://supportforums.cisco.com/document/69281/asa-using-packet-capture-troubleshoot-asa-firewall-configuration-and-scenarios

If you have confirmed that the traffic should be allowed across the firewall and you see the traffic failing for timeout, then you need to determine if there is a reply coming from the internal server.

Regards,

Jose Orozco.

Hi,

Are you seeing the packet trace working correctly? Can you paste the output on this post?

Thanks and Regards,

Vibhor Amrodia

Andre Neethling
Level 4

Can you share your NAT config and ACL config for the servers you are having issues with?
