ASA not allowing specific port?

KGrev
Level 4

Hi,

Scenario: The server is sending an "initialize" packet every 10 seconds to an IP beyond an ASA.

The server sends on udp/4000 and expects a response on 4001.

The very first time this happens it is successful; after a few minutes the end device stops receiving the packets even though the server is still sending.

 

We have Wiresharked the server to confirm it is sending, detected the packets through the network and can confirm packets at the router before the ASA. On the ASA we can packet capture and see the packets hitting the ingress port. We do not see them exiting the egress (suspected due to the end device being in a VPN hosted from the ASA).

 

We can use nmap from the server and send UDP from any source port other than 4000 specifically, with a destination port of 4000.

The logs in the ASA do not show an ACL deny or drop that we can see.

 

We currently also have threat detection turned off for troubleshooting.

 

Any help would be greatly appreciated. Looking to see if the ASA is still processing the packets and sending them through the VPN to the end device. The end device is a theisen router. We can log into it with Winbox and see its ACL and NAT counters to check whether traffic is coming in.

1 Reply

Clear the UDP conn for this traffic and see if the traffic is captured on egress or not.

If not, then add route-lookup to the NAT config for this IP/UDP.
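As an added illustration of the two checks suggested in the reply (this is not from the original thread and not Cisco's own documentation): the ASA CLI sequence to capture the flow on ingress, egress and the ASP drop path, inspect and clear the existing UDP connection, and, if egress traffic still does not appear, add route-lookup to the NAT rule. The interface names, addresses and object names are assumptions chosen for the illustration.

```cisco
! Assumed topology (not from the thread): server 10.1.1.10 on "inside",
! end device 192.168.50.10 reached over the VPN that terminates on "outside".

! 1. Capture the flow on ingress and egress, and separately on the ASP drop
!    path, since syslog showed no ACL deny or drop.
capture CAP_IN   interface inside  match udp host 10.1.1.10 host 192.168.50.10
capture CAP_OUT  interface outside match udp host 10.1.1.10 host 192.168.50.10
capture CAP_DROP type asp-drop all
show capture CAP_IN
show capture CAP_OUT
show capture CAP_DROP | include 4000

! 2. See what the ASA currently holds for this flow and how it would
!    handle the next packet from udp/4000.
show conn protocol udp address 10.1.1.10 port 4000
show asp drop
packet-tracer input inside udp 10.1.1.10 4000 192.168.50.10 4000 detailed

! 3. Clear the existing UDP connection so the next packet builds a fresh
!    one, then re-check the egress capture (step one of the reply).
clear conn protocol udp address 10.1.1.10 port 4000
show capture CAP_OUT

! 4. If egress is still empty, add route-lookup to the NAT rule so the
!    egress interface comes from the routing table rather than from the
!    interface pair in the NAT statement (step two of the reply).
object network SERVER
 host 10.1.1.10
object network VPN_DEVICE
 host 192.168.50.10
nat (inside,outside) source static SERVER SERVER destination static VPN_DEVICE VPN_DEVICE no-proxy-arp route-lookup

! Remove the captures when finished.
no capture CAP_IN
no capture CAP_OUT
no capture CAP_DROP
```

Run the captures first and compare CAP_IN against CAP_OUT while the server is sending; a packet that appears in CAP_IN and CAP_DROP but not CAP_OUT gives the drop reason directly, which the syslog view in the post did not. The packet-tracer line uses source port 4000 deliberately, since the post says every other source port works.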
