03-10-2011 03:52 AM - edited 03-11-2019 01:04 PM
We are using an ASA with 8.4 in transparent mode. Connection fails when a host on inside tries to connect to a server on outside. This server uses mac-address 0100.5E00.0000 to load balance but replies with real mac-address.
Firewall logs "Deny TCP".
ARP inspection is disabled.
Any idea?
Thanks.
Andrea
03-10-2011 08:58 AM
Andrea,
You get a "Deny TCP" when attempting the connection, but can you PING from the host to the server (through the ASA)?
Just want to check if it's indeed an ARP problem or a firewall rule for TCP traffic.
Federico.
03-10-2011 01:48 PM
Hello Federico and many thanks for your help.
Yes, we can ping the server.
There is a rule with permit ip any for testing.
The capture on outside shows packets with correct server IP address but with different mac address (different from ARP).
Servers are configured with Microsoft NLB, IGMP multicast 01005E.
Regards.
Andrea