04-27-2011 01:47 PM - edited 03-11-2019 01:26 PM
I am using an ASA5550 for a complex secure network that has at least six "outside" networks. Each "outside" network is assigned to a specific port, each set at level "0". I also have a DMZ, set to level "50". I am having difficulty with passing traffic from a host in the DMZ to all but one of the "outside" networks. Is there a limit to the number of "outside" interfaces? I will provide a redacted config file as soon as possible.
Thanks in advance!!
04-27-2011 02:34 PM
Hi!
Well no, you can have as many interfaces with a security level of 0 as the ASA can support. Maybe doing a packet tracer will give you the answer as to why the packet is being dropped:
packet-tracer input dmz tcp
That would simulate a packet going from the DMZ to the outside doing an RDP session. If it is being dropped by the firewall, it will tell you where and why.
Cheers
Mike
04-27-2011 02:51 PM
First, thank you for the reply.
That's the odd thing, the packets appear to pass just fine. I can see the connection established and torn down by the ASA, but the actual link between the hosts is never really up. The actual port being used is TCP/8088, but I've set the rule(s) to allow ip and still get the same results.
04-27-2011 02:58 PM
Hi,
Nice, what is the reason for the teardown? Would you please take a packet capture on the ASA?
access-list capture permit tcp any any eq 8088
access-list capture permit tcp any eq 8088 any
capture capin access-list capture interface dmz
capture capout access-list capture interface outside
Try the connection and then do a show cap capin and show cap capout and we will take it from there.
Cheers
Mike
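The capin/capout comparison requested above can be scripted once both captures are saved as text. This is an added example, not part of the original thread: the capture line layout is assumed to be the tcpdump-like form shown in the comment, the sample captures are constructed, and the function names are hypothetical.

```python
import re

# Assumed tcpdump-like layout of an ASA "show capture" line:
#   N: HH:MM:SS.usec SRC.SPORT > DST.DPORT: FLAGS ...
LINE = re.compile(r"^\s*\d+:\s+\S+\s+(?:\d+\.){4}(\d+) > (?:\d+\.){4}(\d+):\s+(\S+)")


def handshake_stages(capture_text, port=8088):
    """Handshake stages for TCP/<port> seen in one capture.

    Only ports and flags are compared, because NAT may change the
    addresses between the dmz and outside captures.
    """
    stages = set()
    for line in capture_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        sport, dport, flags = int(m.group(1)), int(m.group(2)), m.group(3)
        has_ack = " ack " in line
        if "S" in flags and not has_ack and dport == port:
            stages.add("SYN")
        elif "S" in flags and has_ack and sport == port:
            stages.add("SYN-ACK")
        elif "R" in flags and port in (sport, dport):
            stages.add("RST")
    return stages


def locate_break(capin_text, capout_text, port=8088):
    """Say on which side of the ASA the TCP handshake stops."""
    dmz = handshake_stages(capin_text, port)
    out = handshake_stages(capout_text, port)
    if "SYN" not in dmz:
        return "no SYN in capin: the DMZ host's traffic is not reaching the ASA"
    if "SYN" not in out:
        return "SYN in capin but not capout: dropped, or sent out another interface"
    if "SYN-ACK" not in out:
        return "SYN left the ASA but no SYN-ACK came back on the captured interface"
    if "SYN-ACK" not in dmz:
        return "SYN-ACK reached the ASA but was not forwarded to the DMZ"
    return "handshake visible on both interfaces"


# Constructed sample captures (documentation addresses, not from the thread).
CAPIN = """\
   1: 14:58:01.100000 192.0.2.10.1025 > 198.51.100.20.8088: S 1000:1000(0) win 8192 <mss 1460>
   2: 14:58:04.100000 192.0.2.10.1025 > 198.51.100.20.8088: S 1000:1000(0) win 8192 <mss 1460>
"""
CAPOUT = """\
   1: 14:58:01.100100 203.0.113.5.1025 > 198.51.100.20.8088: S 1000:1000(0) win 8192 <mss 1460>
"""
```

With several level-0 interfaces, capout has to be taken on the interface the destination network actually sits behind; a SYN that appears in capin but not in capout may simply have left through one of the other interfaces.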