Solved: ASA5505 port 3306 request discarded

stalwartweare · ‎10-21-2012

ASA5505 port 3306

I have been fighting for days to open the port 3306 on my appliance, I have read carefully all the forums and no success.

I allways get the message :

7

Oct 21 2012

17:29:32

90.27.181.120

54655

212.147.49.18

3306

TCP request discarded from 90.27.181.120/54655 to outside:212.147.49.18/3306

I have attached m y configuration

thanks for any help

Julio Carvajal · ‎10-23-2012

Hello Jean,

Just checked the config, the problem is that you did not follow the object service configuration I sent you.

Mine:

object service SQL

service tcp source eq 3306

Yours:

object service SQL

service tcp destination eq 3306

Please change that and let me know,

Remember to rate all of the helpful posts, that is as important as a thanks for the community ( if you need to know how to rate a post, just let me know, I will be more than glad to let you know )

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Julio Carvajal · ‎10-21-2012

Hello Jean,

Okay lets say the SQL server is 192.168.10.10

so please configure the following

object network Inside_server

host 192.168.10.10

object service SQL

service tcp source eq 3306

nat (inside,outside) 2 source static Inside_server interface service SQL SQL

access-list outside_access_in permit tcp any host 192.168.10.10 31 3306

packet-tracer input outside tcp 4.2.2.2 1025 212.147.49.18 3306

Let me know, if this does not work please post the configuration updated

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

stalwartweare · ‎10-22-2012

thanks for your help.

attached is the new configuration and the packet trace, no success

Julio Carvajal · ‎10-22-2012

Missing the outside acl

access-group outside_access_in in interface outside

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

stalwartweare · ‎10-22-2012

added the line, same problem

regards

Julio Carvajal · ‎10-22-2012

Packet-tracer please ( the complete output)

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

stalwartweare · ‎10-23-2012

here you are

thanks for your help

Julio Carvajal · ‎10-23-2012

Hello Jean,

Just checked the config, the problem is that you did not follow the object service configuration I sent you.

Mine:

object service SQL

service tcp source eq 3306

Yours:

object service SQL

service tcp destination eq 3306

Please change that and let me know,

Remember to rate all of the helpful posts, that is as important as a thanks for the community ( if you need to know how to rate a post, just let me know, I will be more than glad to let you know )

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

stalwartweare · ‎10-25-2012

hello,

I changed the object as mentionned, the packet tracer is now allowing the flow. I will conductreal tests.

thanks a lot for your help.

please tell me how to rate the post

Julio Carvajal · ‎10-25-2012

Hello Jean,

It should be working now We finally did it

Now in order to rate a post, go to each of my replies and mark or select the 5 stars at the bottom of each reply,

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC