Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
590
Views
0
Helpful
2
Replies

Help Troubleshooting connectivity to outside host

Go to solution
marioderosa2008
Level 1
Level 1

‎02-07-2011 07:45 AM - edited ‎03-11-2019 12:45 PM

Hi all,

I have an ASA 5505 and users on the inside are struggling to display the web page on a host located on the Outside network. I just need some help confirming whether the issue is with my setup or not.

Below you can see the initiated TCP connection...

TCP out 163.164.22.109:8000 in 10.80.224.37:1220 idle 0:00:00 bytes 0 flags saA

Below you can see that the outgoing connection is NAT'd

PAT Global 192.168.250.2(1025) Local 10.80.224.37(1198)

And below you can see that there is no return traffic captured on the ASA...

142: 11:59:17.747764 802.1Q vlan#1 P0 10.80.224.37.1142 > 163.164.22.109.8000: S 4105096871:4105096871(0) win 65535 <mss 1460,nop,nop,sackOK>
143: 11:59:20.606886 802.1Q vlan#1 P0 10.80.224.37.1142 > 163.164.22.109.8000: S 4105096871:4105096871(0) win 65535 <mss 1460,nop,nop,sackOK>
144: 11:59:26.622541 802.1Q vlan#1 P0 10.80.224.37.1142 > 163.164.22.109.8000: S 4105096871:4105096871(0) win 65535 <mss 1460,nop,nop,sackOK>
145: 12:09:23.127831 802.1Q vlan#1 P0 10.80.224.37.1198 > 163.164.22.109.8000: S 1562991516:1562991516(0) win 65535 <mss 1460,nop,nop,sackOK>
146: 12:09:26.170706 802.1Q vlan#1 P0 10.80.224.37.1198 > 163.164.22.109.8000: S 1562991516:1562991516(0) win 65535 <mss 1460,nop,nop,sackOK>
147: 12:09:32.295211 802.1Q vlan#1 P0 10.80.224.37.1198 > 163.164.22.109.8000: S 1562991516:1562991516(0) win 65535 <mss 1460,nop,nop,sackOK>
148: 12:13:27.981150 802.1Q vlan#1 P0 10.80.224.37.1220 > 163.164.22.109.8000: S 1417559184:1417559184(0) win 65535 <mss 1460,nop,nop,sackOK>
149: 12:13:30.933469 802.1Q vlan#1 P0 10.80.224.37.1220 > 163.164.22.109.8000: S 1417559184:1417559184(0) win 65535 <mss 1460,nop,nop,sackOK>
150: 12:13:36.948742 802.1Q vlan#1 P0 10.80.224.37.1220 > 163.164.22.109.8000: S 1417559184:1417559184(0) win 65535 <mss 1460,nop,nop,sackOK>

I just wanted some advice on other diagnostic commands I could issue to find out where the issue lies. I cannot even see an arp entry for the default route configured on the device...

WalthamFW# sh arp
        inside 10.80.224.32 0024.e8d0.87b5
        inside 10.80.224.1 0026.cb70.70a2

Any advice is appreciated!

thanks

Mario

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
PAUL GILBERT ARIAS
Level 5
Level 5

‎02-07-2011 07:59 AM

Hi there,

Based on the information included I can tell you that the traffic is going out but a reply is not getting back to your ASA.

This line:

TCP out 163.164.22.109:8000 in 10.80.224.37:1220 idle 0:00:00 bytes 0 flags saA

That is a half open TCP connection

The captures show only SYN packets:

142: 11:59:17.747764 802.1Q vlan#1 P0 10.80.224.37.1142 > 163.164.22.109.8000: S 4105096871:4105096871(0) win 65535
143: 11:59:20.606886 802.1Q vlan#1 P0 10.80.224.37.1142 > 163.164.22.109.8000: S 4105096871:4105096871(0) win 65535
144: 11:59:26.622541 802.1Q vlan#1 P0 10.80.224.37.1142 > 163.164.22.109.8000: S 4105096871:4105096871(0) win 65535
145: 12:09:23.127831 802.1Q vlan#1 P0 10.80.224.37.1198 > 163.164.22.109.8000: S 1562991516:1562991516(0) win 65535

Somehow the traffic is not getitng back to the source. You should consider checking the destination IP to see why it is not replying or if there is something else blocking the traffic when returning.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
PAUL GILBERT ARIAS
Level 5
Level 5

‎02-07-2011 07:59 AM

Hi there,

Based on the information included I can tell you that the traffic is going out but a reply is not getting back to your ASA.

This line:

TCP out 163.164.22.109:8000 in 10.80.224.37:1220 idle 0:00:00 bytes 0 flags saA

That is a half open TCP connection

The captures show only SYN packets:

142: 11:59:17.747764 802.1Q vlan#1 P0 10.80.224.37.1142 > 163.164.22.109.8000: S 4105096871:4105096871(0) win 65535
143: 11:59:20.606886 802.1Q vlan#1 P0 10.80.224.37.1142 > 163.164.22.109.8000: S 4105096871:4105096871(0) win 65535
144: 11:59:26.622541 802.1Q vlan#1 P0 10.80.224.37.1142 > 163.164.22.109.8000: S 4105096871:4105096871(0) win 65535
145: 12:09:23.127831 802.1Q vlan#1 P0 10.80.224.37.1198 > 163.164.22.109.8000: S 1562991516:1562991516(0) win 65535

Somehow the traffic is not getitng back to the source. You should consider checking the destination IP to see why it is not replying or if there is something else blocking the traffic when returning.

0 Helpful

Go to solution
marioderosa2008
Level 1
Level 1
In response to PAUL GILBERT ARIAS

‎02-07-2011 09:04 AM

Thanks for that!!

You confirmed what I thought then!

Unfortunately i have no control over the outside network so I am waiting for them to investigate this.

thanks

Mario

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card