Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1423
Views
0
Helpful
3
Replies

CISCO ASA 5505 TCP connection issue

sanglapruskerpatra666
Level 1
Level 1

‎01-04-2022 09:45 AM

I am facing issues in connecting a pc from outside interface to dmz interface on cisco 5505 asa firewall. The icmp ping is successfull from outside pc to dmz server but failed to establish any tcp connection.

ASA Version 8.4(2)

!

hostname ciscoasa

names

!

interface Ethernet0/0

switchport access vlan 3

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

switchport access vlan 2

!

interface Vlan1

nameif inside

security-level 100

ip address 10.1.1.6 255.255.255.252

!

interface Vlan2

nameif outside

security-level 0

ip address 10.1.1.1 255.255.255.248

!

interface Vlan3

no forward interface Vlan1

nameif DMZ

security-level 50

ip address 10.1.1.10 255.255.255.252

!

object network dmz

host 10.1.1.9

object network inside

host 10.1.1.5

!

route outside 0.0.0.0 0.0.0.0 10.1.1.2 1

!

access-list icmp_http_ftp extended permit icmp any object inside

access-list icmp_http_ftp extended permit icmp any object dmz

access-list icmp_http_ftp extended permit tcp any object dmz eq www

access-list icmp_http_ftp extended permit tcp any object dmz eq ftp

!

!

access-group icmp_http_ftp in interface outside

object network dmz

nat (DMZ,outside) static 10.1.1.3

object network inside

nat (inside,outside) dynamic interface

class-map cmap

match default-inspection-traffic

!

policy-map pmap

class cmap

inspect ftp

inspect http

inspect icmp

!

service-policy pmap global

!

telnet timeout 5

ssh timeout 5

firewall_intervlan.PNG

Kindly can anyone provide feedback of where i am going wrong.

I am attaching issue ip packet screenshot emulation as well.

issue.PNG

Labels:
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎01-04-2022 10:23 AM 

 The icmp ping is successfull from outside pc to dmz server but failed to establish any tcp connection.

what TCP connection ?  what port ?

can you explain what source IP address and what is the destination IP address and port ?

 

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

sanglapruskerpatra666
Level 1
Level 1
In response to balaji.bandi

‎01-04-2022 12:03 PM

Hi

Dmz server is natted with static ip address of 10.1.1.3/29 and server has http and ftp ports opened , which have been added to acl icmp_http_ftp and acl is added to access group of outside interface.

0 Helpful

paul driver
VIP
VIP

‎01-09-2022 11:03 AM - edited ‎01-09-2022 11:04 AM

Hello

Duplicate post - With a possible provided solution - here


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card