Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
433
Views
0
Helpful
2
Replies

ftp & rdp connection issues

simon-galloway
Level 1
Level 1

‎01-15-2009 03:08 PM - edited ‎03-11-2019 07:37 AM

Hi,

I currently have an issue with ftp and rdp connections from 2 specific hosts. I have setup acls to allow for ftp and rdp connections from our internal network to these two specific hosts in the dmz. We have 2 ASA 5520 setup in a Active/Standby Configuration. The acls in question have been setup with logging enabled and when l go to attempt to connect via ftp or rdp to the specific hosts the connections timeout.

As you can see from the below logs the access-list is permitted but then it tries to build the connection but then automatically tears it down. Could someone please explain why my internal host is not connecting successfully on rdp to this host in our dmz ?? If you need additional configs from the ASA or other equipment please let me know.

6|Jan 16 2009|09:59:59|302014|fsqftp|3389|172.16.28.104|2392|Teardown TCP connection 11122215 for dmz1:fsqftp/3389 to inside:172.16.28.104/2392 duration 0:00:00 bytes 0 TCP Reset-I

6|Jan 16 2009|09:59:59|302013|fsqftp|3389|172.16.28.104|2392|Built outbound TCP connection 11122215 for dmz1:fsqftp/3389 (fsqftp/3389) to inside:172.16.28.104/2392 (172.16.28.104/2392)

6|Jan 16 2009|09:59:53|302014|fsqftp|3389|172.16.28.104|2392|Teardown TCP connection 11122181 for dmz1:fsqftp/3389 to inside:172.16.28.104/2392 duration 0:00:00 bytes 0 TCP Reset-I

6|Jan 16 2009|09:59:52|302013|fsqftp|3389|172.16.28.104|2392|Built outbound TCP connection 11122181 for dmz1:fsqftp/3389 (fsqftp/3389) to inside:172.16.28.104/2392 (172.16.28.104/2392)

6|Jan 16 2009|09:59:50|302014|fsqftp|3389|172.16.28.104|2392|Teardown TCP connection 11122158 for dmz1:fsqftp/3389 to inside:172.16.28.104/2392 duration 0:00:00 bytes 0 TCP Reset-I

6|Jan 16 2009|09:59:50|302013|fsqftp|3389|172.16.28.104|2392|Built outbound TCP connection 11122158 for dmz1:fsqftp/3389 (fsqftp/3389) to inside:172.16.28.104/2392 (172.16.28.104/2392)

7|Jan 16 2009|09:59:50|106100|172.16.28.104|2392|fsqftp|3389|access-list inbound_inside permitted tcp inside/172.16.28.104(2392) -> dmz1/fsqftp(3389) hit-cnt 1 first hit [0x72ce6f24, 0x0]

Labels:
0 Helpful
2 Replies 2

Tshi M
Level 5
Level 5

‎01-20-2009 01:10 PM

Hi Simon

Do you have a static (inside,dmz) configured?

0 Helpful

sdoremus33
Level 3
Level 3

‎01-20-2009 01:39 PM

If its no trouble could you please provide the config for these translations from the inside hosts to the DMZ devices, an also the stndby config. Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card