07-15-2011 04:59 AM - edited 03-11-2019 01:59 PM
Hi, I've recently upgraded my old firewall from a PIX to an ASA5505 and have been trying to match up the configuration settings to no avail.
First problem I have is that I can't ping the new firewall on its inside interface, despite having "icmp permit any inside" in the running config.
Secondly, the server I have on there ("Sar") can't connect out to the internet.
I've included the ASA's running config in case anybody can see if something stands out. I have a feeling it's either not letting anything onto the inside interface, or there is no nat going on.
Lastly (and possibly relevant), the firewall is actually going at the end of a vlan, which is different to the firewall's inside vlan number. I don't know if this is actually the problem because the server can't connect out even if connected directly into the firewall.
Cheers,
09-22-2011 07:09 AM
Hi Wez,
Thanks for the data, as you can see in the captures, as soon as the firewall sends a request for the connection, the server is sending a Reset for it, so I would suggest you troubleshoot why the server is sending a reset. Check if any firewall on the server is blocking the connection. Try putting an exception for the port 80.
S -------> SYN (initial connection request)
R -------> Reset
Hope this helps.
Thanks,
Varun
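The SYN-then-Reset pattern described in the reply above can be checked mechanically. The following is an added example, not part of the original thread: it classifies each connection attempt in a text capture as reset by the server, accepted, or unanswered. The sample lines are constructed, and the tcpdump-style layout of the capture text is an assumption.

```python
import re

# Constructed sample in the tcpdump-style text layout assumed for the
# firewall's capture output; all addresses and ports are made up.
SAMPLE_CAPTURE = """\
   1: 07:01:10.100000 203.0.113.7.51000 > 192.0.2.10.80: S 1000:1000(0) win 8192 <mss 1460>
   2: 07:01:10.100400 192.0.2.10.80 > 203.0.113.7.51000: R 0:0(0) ack 1001 win 0
   3: 07:01:12.200000 203.0.113.7.51001 > 192.0.2.10.443: S 2000:2000(0) win 8192 <mss 1460>
   4: 07:01:12.200500 192.0.2.10.443 > 203.0.113.7.51001: S 3000:3000(0) ack 2001 win 8192
   5: 07:01:15.300000 203.0.113.7.51002 > 192.0.2.10.25: S 4000:4000(0) win 8192 <mss 1460>
"""

# packet number, timestamp, "src > dst:", then the TCP flag letters
LINE = re.compile(
    r"^\s*\d+:\s+\S+\s+(?P<src>\S+)\s+>\s+(?P<dst>\S+?):\s+(?P<flags>[SFRPU.]+)\s"
)


def classify_handshakes(text):
    """Map each (client, server) flow to 'reset', 'accepted' or 'no-reply'."""
    flows = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip headers and non-TCP lines
        src, dst, flags = m["src"], m["dst"], m["flags"]
        has_ack = " ack " in line
        if "S" in flags and not has_ack:
            # Bare SYN: a new connection request from src to dst.
            flows.setdefault((src, dst), "no-reply")
        elif flows.get((dst, src)) == "no-reply":
            # First answer travelling back to the client decides the outcome.
            if "R" in flags:
                flows[(dst, src)] = "reset"      # server host refused it
            elif "S" in flags and has_ack:
                flows[(dst, src)] = "accepted"   # SYN-ACK: service is listening
    return flows


if __name__ == "__main__":
    for (client, server), outcome in classify_handshakes(SAMPLE_CAPTURE).items():
        print(f"{client} -> {server}: {outcome}")
```

A "reset" result means the packet reached the server and the server itself refused it, while "no-reply" points at something dropping the traffic before an answer comes back.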
09-22-2011 07:13 AM
I think I've fixed it!
The captures were returning with it all clear, so I did some digging and it looks like there was an entry in the registry for the old ip address that stopped IIS from returning any sites.
(HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\ListenOnlyList in case anyone else has the problem.)
Once again, much appreciated!
09-22-2011 07:16 AM
Hey that's great!!!!!!!! Thanks for the rating
-Varun