Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
562
Views
0
Helpful
2
Replies

ASA won't allow new Internet sessions, existing ones last one minute

rwills
Level 1
Level 1

‎06-24-2022 04:43 AM

I am trying to deploy an ASA at a remote location.  I am doing it via webex, which is how I noticed this unusual behavior.  When we move cables over to the ASA, the webex session continues to work for about a minute.  However, no new sessions, like browsing a new web page, will work.  After about a minute the webex connectivity drops and we have to move back to the old firewall.  I am noticing this in the logs:

 

Jun 23 2022 16:44:02: %ASA-4-434002: SFR requested to drop TCP packet from inside_1:x.x.x.x/64333 to outside:x.x.x.x/80

 

0 Helpful
2 Replies 2

MHM Cisco World
VIP
VIP

‎06-24-2022 05:44 AM

do 
packet-tracer using the IP and port show in log message, 
I think there is ACL apply in INSIDE of FW that drop packet.

0 Helpful

rwills
Level 1
Level 1
In response to MHM Cisco World

‎06-24-2022 05:56 AM

I will try that next time I can get a webex session going.  But I don't think it is an access-list.  There are virtually no ACLs configured yet, as we simply hadn't gotten that far in the configuration.  I did temporarily add a 'permit ip any any' rule as part of my troubleshooting earlier, and got the same results.  

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card