I have an ASA 5545X with two outside interfaces. We are using both WAN links with route maps. So WAN 1 is used by VLAN 100-120 and WAN2 is used by VLAN 200-220.
When I configure incoming NAT to access a webserver in VLAN 100 over WAN1, everything is working.
When I configure incoming NAT for a webserver on VLAN 200 over WAN2, the packets arrive on the webserver. But I have seen in a Wireshark dump that there are retransmissions and then the connection is canceled.
In the ASA log I saw the entry Teardown TCP connection ......... No valid adjacency
Could anyone tell me what the problem is and how I can solve this?
It seems the issue is with the reply packets. Can you tell me why there is "access-group DMZ-1_access_in in interface DMZ-1" on the DMZ-1 interface without any ACL? I did not find any ACL. If there is no ACL then please remove it.
Sorry. There are some ACLs:
access-list DMZ-1_access_in extended deny ip object NET_10.10.10.0_DMZ-1 object-group OG_Internal-Networks
access-list DMZ-1_access_in extended permit tcp object DMZ-SRV_Test any object-group DM_INLINE_TCP_1
access-list DMZ-1_access_in extended permit icmp object NET_10.10.10.0_DMZ-1 any
access-group DMZ-1_access_in in interface DMZ-1
I saw this article but it does not solve my problem.
Does anybody have an idea what the problem could be?
When I do incoming NAT on OUTSIDE it works.
When I do incoming NAT on WAN-2 I get the error "no valid adjacency".
Outgoing traffic over WAN-2 works without problems.
Thanks for sharing, all looks good to me. Not sure why it is happening on WAN-2 since DMZ-1 is directly connected.
From the link you shared, the problem will be there if we use "any", but you already specified the interface. Regarding WAN-1, you are using a similar config and scenario, right?
Sorry for the confusion, the problem might happen if you use (any, WAN-2) instead of (DMZ-1, WAN-2).
Your DMZ-1 with WAN-1 has the same NAT configuration and ACL policies for your FTP server in DMZ-1, right?
Ah ok. Sorry, but I have already changed this and reconfigured it several times.
I have found no solution yet. I'm very confused why it does not work on the whole public IP space on WAN-2.
I was hoping that this article is the solution but it does not help.