How many "outside" interfaces are allowed on ASA 5550?

BEHowardGRDA
Level 1

I am using an ASA5550 for a complex secure network that has at least six "outside" networks.  Each "outside" network is assigned to a specific port each set at level "0".  I also have a DMZ, set to level "50".  I am having difficulty with passing traffic from a host in the DMZ to all but one of the "outside" networks.  Is there a limit to the number of "outside" interfaces?  I will provide a redacted config file as soon as possible.

Thanks in advance!!

3 Replies

Maykol Rojas
Cisco Employee

Hi!

Well no, you can have as many interfaces with a security level of 0 as the ASA can support. Maybe doing a packet tracer will give you the answer as to why the packet is being dropped:

packet-tracer input dmz tcp <dmz-host-ip> 1025 <outside-host-ip> 3389

That would simulate a packet going from the DMZ to the outside doing an RDP session; if it is being dropped by the firewall, it will tell you where and why.

Cheers

Mike

First, thank you for the reply.

That's the odd thing, the packets appear to pass just fine.  I can see the connection established and torn down by the ASA, but the actual link between the hosts is never really up.  The actual port being used is TCP/8088, but I've set the rule(s) to allow ip and still get the same results.

Hi,

Nice, what is the reason for the teardown? Would you please take a packet capture on the ASA?

access-list capture permit tcp any any eq 8088

access-list capture permit tcp any eq 8088 any

capture capin access-list capture interface dmz

capture capout access-list capture interface outside

Try the connection and then do a show cap capin and show cap capout and we will take it from there.

Cheers

Mike
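
The comparison of capin and capout that the last reply sets up, as an added example that is not part of the thread or any poster's code: it reads both captures and reports where the TCP handshake on port 8088 stops. The `show capture` line format matched by the regex is an assumption, and the sample captures and addresses are constructed.

```python
import re

# Assumed tcpdump-like shape of a `show capture` line (an assumption, not from the thread):
#   1: 10:22:01.100000 192.0.2.10.1025 > 198.51.100.20.8088: S 100:100(0) win 8192
LINE = re.compile(r"(?:\d+\.){4}(\d+) > (?:\d+\.){4}(\d+): (\S+)(.*)")

def stages(capture_text, port=8088):
    """Return which TCP handshake steps for `port` appear in one capture."""
    seen = set()
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        sport, dport, flags, rest = int(m[1]), int(m[2]), m[3], m[4]
        has_ack = " ack " in rest
        if dport == port and "S" in flags and not has_ack:
            seen.add("SYN")        # client -> server
        elif sport == port and "S" in flags and has_ack:
            seen.add("SYN-ACK")    # server -> client
        elif sport == port and "R" in flags:
            seen.add("RST")        # reset coming from the server side
    return seen

def diagnose(capin, capout, port=8088):
    """Compare the dmz-side and outside-side captures and name the failing hop."""
    inside, outside = stages(capin, port), stages(capout, port)
    if "SYN" not in inside:
        return "no-syn-on-dmz"               # client traffic never reached the ASA
    if "SYN" not in outside:
        return "syn-not-on-captured-egress"  # dropped, or left by another interface
    if "SYN-ACK" not in outside:
        return "no-reply-from-far-side"      # server or return path beyond the ASA
    if "SYN-ACK" not in inside:
        return "reply-not-forwarded-to-dmz"  # reply reached the ASA but stopped there
    return "handshake-seen-on-both-sides"

# Constructed sample captures (documentation addresses, not from the thread).
CAPIN = """\
   1: 10:22:01.100000 192.0.2.10.1025 > 198.51.100.20.8088: S 100:100(0) win 8192
   2: 10:22:04.100000 192.0.2.10.1025 > 198.51.100.20.8088: S 100:100(0) win 8192
"""
CAPOUT = """\
   1: 10:22:01.100200 192.0.2.10.1025 > 198.51.100.20.8088: S 100:100(0) win 8192
"""

if __name__ == "__main__":
    print(diagnose(CAPIN, CAPOUT))
```

With several level-0 interfaces, a `syn-not-on-captured-egress` result can simply mean capout was attached to a different interface than the one the traffic leaves by.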