Connection problems when initiating connections over vpn (asa5505)

revetregrath
Level 1

Hello everyone,

I have a webserver hosted at a computing center which serves different services on multiple IPs configured on one network adapter.

Basically it's just a NAT plus ACL for every IP plus the Site to Site tunnel to my office.

Now I bought a second server plus a management client, also stationed at that computing center. My wish was to connect them to the internal ports of the ASA also, but my hoster said it's not possible due to the distance between the machines. But he also said that his switches are all in the same VLAN and that he could just put up the second LAN interface of the ASA to the switch. I now configured my new devices on my internal LAN IPs using my ASA as gateway instead of his default gateways. After disabling ARP-Proxy on the inside interface it worked. I could reach my new devices via ping and RDP, but only when I was connected to my first server via RDP also. It was still possible to ping my first server over my VPN without losses (the first server is connected to the ASA directly). But when I start pinging the new server from my home LAN it loses packets every 2 to 3 pings. Also, RDP directly to the new server is not possible. On the live logging I'm getting messages like:

Deny inbound icmp src outside:10.0.70.246 dst outside:10.0.64.15 (type 0, code 0)

Inbound TCP connection denied from 10.0.70.246/3389 to 10.0.64.15/49887 flags ACK  on interface outside

Inbound TCP connection denied from 10.0.70.246/3389 to 10.0.64.15/49890 flags PSH ACK  on interface outside

I have included the actual running-config. Hopefully someone knows a solution.

1 Reply

Maykol Rojas
Cisco Employee

Hi,

I may need to like narrow it down a bit because I am not quite following.

You have two servers on your internal network, one is reachable and the other one is not over the VPN, is that correct? I may also need IP addresses to see what's going on. The file won't open so I am not able to see the actual config.

If you do a Show ARP on the ASA, what is the resulting ARP for those servers?

Mike