deny tcp (no connection) from 10.26.132.3/38657 to 10.26.132.134/2494 flags RST on interface

ahmedzniti
Level 1

Hi

Can somebody help me to explain what's the meaning of this log that appears on the ASA 5525-X firewall: deny tcp (no connection) from 10.26.132.3/38657 to 10.26.132.134/2494 flags RST on interface Upstream, and what's the solution to get access from 10.26.132.3 to 10.26.132.134?

There are no access rules configured; it's allow any any by global access, and I tried to simulate it with packet tracer on ASDM: the packet is allowed, so I don't understand why the packet is denied.

See attached file.

Regards

7 Replies

Julio Carvajal
VIP Alumni

Hello Ahmed,

This is basically saying that the ASA is receiving traffic for a connection that has not been built across it, or has been torn down already...

Can you share the configuration?

Aren't the 10.26.132.3, .133 and .134 behind the same interface (Upstream)???

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi

There are two physical interfaces on the ASA, Tunnel and Upstream; Upstream is 10.26.132.1/25 and the second is 10.26.132.129/25.

The configuration is simple: 2 physical interfaces with the same security level, each interface connected to a separate switch (VLAN 1), and we want the traffic to pass through Upstream to Tunnel.

Regards

Hello Ahmed,

Can you share the topology with the switches in between?

Are they using the same switch?

If there are multiple switches, do they connect to each other via a trunk, or do they just have an upstream access port to the ASA?

A topology would be great

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi

There are 2 separate switches; the first switch is configured with an access port to the Upstream interface, and the same thing between the second switch and the Tunnel interface.

Regards

Hello,

So you are telling me there is no way the packets reach the other VLAN without going through the ASA??

Is that 100 % true?

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Yes, no way; the packets pass through the ASA. So what's the solution?

Regards

Hello Ahmed,

Unfortunately it is not that simple (I wish it were as simple as that).

So based on the logs you are posting, we are seeing an RST packet being present and the ASA is complaining about that packet; then we can see the FIN packet for that connection... That is how the connection is being torn down...

Can you create a capture on the UPSTREAM interface between the host 10.26.132.3 and the host 10.26.132.133, only taking into consideration port 2494 on the Tunnel host (.133)?

cap test interface Upstream match tcp host 10.26.132.3 host 10.26.132.133 eq 2494

cap asp type asp-drop all circular-buffer

I would like to see the flow of packets.

So try to connect once, and then

do the following from a PC on the Upstream interface:

go to a browser and browse to https://ASA_Upstream_Interface_IP/capture/test/pcap

Share the pcap file here,

and finally

share the following output:

show cap asp | include 10.26.132.133

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
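While waiting on the captures, the same "Deny TCP (no connection)" messages can be pulled out of the ASA syslog and grouped, so you can see whether the firewall only ever sees RST/FIN packets for a flow and never the SYN that would have built the connection, which is what the thread is probing. This is an added example, not code from the thread or from Cisco; the sample lines are constructed to match the message format quoted above (the %ASA-6-106015 message ID is the standard ID for this text).

```python
import re
from collections import Counter

# Matches the "Deny TCP (no connection)" message body quoted in the thread.
# Anything before "Deny" (timestamp, %ASA-6-106015 prefix) is ignored.
NO_CONN_RE = re.compile(
    r"Deny TCP \(no connection\) from (?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+)/(?P<dport>\d+) flags (?P<flags>[A-Z ]+?) "
    r"on interface (?P<iface>\S+)",
    re.IGNORECASE,
)


def parse_no_connection(line):
    """Return the fields of a 'Deny TCP (no connection)' line, or None otherwise."""
    m = NO_CONN_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
    d["flags"] = d["flags"].upper().split()
    return d


def summarize(lines):
    """Count no-connection denies per (src, dst, dport, flags, interface).

    Repeated RST or FIN ACK denies for a flow, with no matching connection ever
    built on the ASA, usually mean the handshake took a path that bypassed the
    firewall (asymmetric routing), so the ASA has no state for the later packets.
    """
    counts = Counter()
    for line in lines:
        d = parse_no_connection(line)
        if d:
            key = (d["src"], d["dst"], d["dport"], " ".join(d["flags"]), d["iface"])
            counts[key] += 1
    return counts


# Constructed sample syslog lines modelled on the message in the thread.
SAMPLE_LOG = [
    "%ASA-6-106015: Deny TCP (no connection) from 10.26.132.3/38657 to 10.26.132.134/2494 flags RST on interface Upstream",
    "%ASA-6-106015: Deny TCP (no connection) from 10.26.132.3/38658 to 10.26.132.134/2494 flags RST on interface Upstream",
    "%ASA-6-106015: Deny TCP (no connection) from 10.26.132.3/38659 to 10.26.132.133/2494 flags FIN ACK on interface Upstream",
    "%ASA-6-302013: Built inbound TCP connection 1234 for Upstream:10.26.132.3/38660 (10.26.132.3/38660) to Tunnel:10.26.132.133/2494 (10.26.132.133/2494)",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, key)
```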