03-17-2013 08:33 AM - edited 03-11-2019 06:15 PM
Hi
Can somebody help me explain what the meaning of this log is that appears on an ASA 5525-X firewall: deny tcp (no connection) from 10.26.132.3/38657 to 10.26.132.134/2494 flags RST on interface Upstream, and what the solution is to get access from 10.26.132.3 to 10.26.132.134?
There are no access rules configured; it is allow any any by the global access policy, and when I try to simulate it with Packet Tracer in ASDM the packet is allowed, so I don't understand why the packet is denied.
See attached file.
Regards
03-17-2013 09:09 AM
Hello Ahmed,
This is basically saying that the ASA is receiving traffic for a connection that has not been built through it, or that has already been torn down....
Can you share the configuration?
Aren't 10.26.132.3, .133 and .134 behind the same interface (Upstream)???
Regards,
03-17-2013 11:01 AM
Hi
There are two physical interfaces on the ASA, Tunnel and Upstream. Upstream is 10.26.132.1/25 and the second is 10.26.132.129/25.
The configuration is simple: 2 physical interfaces with the same security level, each interface connected to a separate switch (VLAN 1), and we want the traffic to pass through Upstream to Tunnel.
Regards
03-17-2013 11:23 AM
Hello Ahmed,
Can you share the topology with the switches in between?
Are they using the same switch?
If there are multiple switches, do they connect to each other via a trunk, or do they just have an upstream access port to the ASA?
A topology would be great.
Regards
03-17-2013 02:16 PM
Hi
There are 2 separate switches: the first switch has an access port configured to the Upstream interface, and the same thing between the second switch and the Tunnel interface.
Regards
03-17-2013 02:30 PM
Hello,
So you are telling me there is no way the packets reach the other VLAN without going through the ASA??
Is that 100 % true?
Regards,
Julio
03-17-2013 02:42 PM
Yes, there is no way the packets pass around the ASA, so what's the solution?
Regards
03-17-2013 03:20 PM
Hello Ahmed,
Unfortunately it is not that simple (I wish this were as simple as that).
So based on the logs you are posting we are seeing a RST packet being present and the ASA is complaining about that packet, then we can see the FIN packet for that connection.. how the connection is being torn down...
Can you create a capture on the UPSTREAM interface between the host 10.26.132.3 and the host 10.26.132.133, only taking into consideration port 2494 on the Tunnel host (133):
cap test interface Upstream match tcp host 10.26.132.3 host 10.26.132.133 eq 2494
cap asp type asp-drop all circular-buffer
I would like to see the flow of packets.
So try to connect once and then
do the following from a PC on the Upstream interface:
go to a browser and browse to https://ASA_Upstream_Interface_IP/capture/test/pcap
Share the pcap file here
and finally
share the following output:
show cap asp | include 10.26.132.133
Regards
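The message discussed in this thread is ASA syslog 106015 ("Deny TCP (no connection)"). The ASA logs it when a TCP packet that is not a SYN arrives and there is no matching entry in its connection table, which is why an allow-any-any policy and a passing Packet Tracer run do not explain it. The parser below is an added example for triaging such lines from an exported syslog, not code from this thread or from Cisco; the sample log lines are constructed (the first one is the poster's line verbatim, including the missing space before "on"), and the two triage classes are a working assumption: RST/FIN packets usually belong to a connection the ASA already removed, while ACK/PSH-only packets suggest the ASA never saw the handshake, i.e. the return path is bypassing it (the asymmetric-routing question Julio raised).

```python
import re
from collections import Counter

# Pattern for ASA syslog message 106015, as quoted in the thread:
#   Deny TCP (no connection) from SRC/PORT to DST/PORT flags FLAGS on interface NAME
# IGNORECASE tolerates lowercase copies; \s* tolerates the "RSTon" spacing in the post.
NO_CONN_RE = re.compile(
    r"Deny TCP \(no connection\) from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})/(?P<sport>\d+) to "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})/(?P<dport>\d+) "
    r"flags (?P<flags>[A-Za-z ]+?)\s*on interface (?P<iface>\S+)",
    re.IGNORECASE,
)

# Assumption for triage: these flags mark the teardown phase of a TCP connection.
TEARDOWN_FLAGS = frozenset({"RST", "FIN"})

# Constructed sample export: two 106015 lines per direction plus one unrelated 302014 line.
SAMPLE_LOGS = [
    "deny tcp (no connection) from 10.26.132.3/38657 to 10.26.132.134/2494 flags RSTon interface Upstream",
    "%ASA-6-106015: Deny TCP (no connection) from 10.26.132.3/38658 to 10.26.132.134/2494 flags FIN ACK on interface Upstream",
    "%ASA-6-106015: Deny TCP (no connection) from 10.26.132.134/2494 to 10.26.132.3/38659 flags PSH ACK on interface Tunnel",
    "%ASA-6-302014: Teardown TCP connection 12 for Upstream:10.26.132.3/38657 to Tunnel:10.26.132.134/2494 duration 0:00:00 bytes 0 TCP Reset-O",
]


def parse_line(line):
    """Return the fields of a 106015 message as a dict, or None for any other line."""
    m = NO_CONN_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    # Flags arrive as a space-separated list ("FIN ACK"); normalise to a set.
    rec["flags"] = frozenset(rec["flags"].upper().split())
    return rec


def classify(rec):
    """Rough triage class for one denied packet (see the assumption in the lead-in)."""
    if rec["flags"] & TEARDOWN_FLAGS:
        return "stale-teardown"
    return "asymmetric-or-missing-handshake"


def summarize(lines):
    """Count denied packets per (interface, src, dst, dport, class) so noisy pairs stand out."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not a 106015 message
        key = (rec["iface"], rec["src"], rec["dst"], rec["dport"], classify(rec))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOGS).most_common():
        iface, src, dst, dport, kind = key
        print(f"{n:4d}  {iface:<10} {src} -> {dst}:{dport}  [{kind}]")
```

A pair that shows up mostly as "asymmetric-or-missing-handshake" on one interface is the case worth chasing with the interface and asp-drop captures suggested above: it means one direction of the flow is reaching the far side without the ASA ever building the connection.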