02-13-2013 03:25 AM - edited 03-11-2019 06:00 PM
Trying to add inside routes on an ASA 5505 to point traffic to another gateway for other connected networks is resulting in the following error:
6 | Sep 16 2008 | 19:13:58 | 106015 | 10.184.236.126 | 50038 | 10.170.54.182 | 3389 | Deny TCP (no connection) from 10.184.236.126/50038 to 10.170.54.182/3389 flags RST on interface inside |
I believe the problem is due to the asymmetric TCP connection and the ASA is dropping the connection because it only sees one half of the traffic.
Is there a way we can stop the firewall dropping the TCP connections on the inside interface? I've tried removing the threat management, which didn't work.
Annoying thing is we're putting the ASA 5505s in to replace old WatchGuard SOHO firewalls, only the WatchGuards forwarded the traffic no problem at all.
02-13-2013 03:35 AM
Hi,
I guess most of the time people go with the TCP State bypass.
Here's one link regarding that configuration:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_tcpstatebypass.html
Then again it would still be better to sort out the network setup so that this can't happen in the first place. I didn't quite get a clear picture on what the network is like.
Usually there is a problem when there's a router behind the ASA and hosts in the network segment between the ASA and LAN Router that use the ASA as default gateway. Traffic might first come directly from the router to the host but the host sends all traffic to the ASA and ASA drops the connections/traffic.
- Jouni
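Before scoping a TCP state bypass rule or fixing the routing, it helps to know exactly which host pairs the ASA is dropping. The following is an added example, not part of the original thread or Cisco's documentation: it groups 106015 denies in the pipe-delimited layout of the log line quoted in the question. The function name, the constructed sample lines and the `one_way` heuristic are assumptions made for illustration.

```python
import re
from collections import defaultdict

# First line is the log entry quoted in the question; the other three are
# constructed sample lines in the same pipe-delimited layout.
SAMPLE = """\
6 | Sep 16 2008 | 19:13:58 | 106015 | 10.184.236.126 | 50038 | 10.170.54.182 | 3389 | Deny TCP (no connection) from 10.184.236.126/50038 to 10.170.54.182/3389 flags RST on interface inside |
6 | Sep 16 2008 | 19:14:02 | 106015 | 10.184.236.126 | 50041 | 10.170.54.182 | 3389 | Deny TCP (no connection) from 10.184.236.126/50041 to 10.170.54.182/3389 flags ACK on interface inside |
6 | Sep 16 2008 | 19:14:05 | 106015 | 10.184.236.200 | 445 | 10.170.54.17 | 51515 | Deny TCP (no connection) from 10.184.236.200/445 to 10.170.54.17/51515 flags SYN ACK on interface inside |
4 | Sep 16 2008 | 19:14:09 | 106023 | 192.0.2.7 | 4431 | 10.184.236.126 | 22 | Deny tcp src outside:192.0.2.7/4431 dst inside:10.184.236.126/22 by access-group "outside_in" |
"""

DENY_106015 = re.compile(
    r"Deny TCP \(no connection\) from (?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+)/(?P<dport>\d+) flags (?P<flags>[A-Z ]+?) "
    r"on interface (?P<ifc>\S+)"
)

def summarize_no_connection_denies(log_text, interface="inside"):
    """Group 106015 denies on one interface by (source, destination) host pair."""
    pairs = defaultdict(lambda: {"count": 0, "flags": set()})
    for line in log_text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        # Field 4 is the syslog message ID, field 9 the message text.
        if len(fields) < 9 or fields[3] != "106015":
            continue
        m = DENY_106015.search(fields[8])
        if not m or m["ifc"] != interface:
            continue
        entry = pairs[(m["src"], m["dst"])]
        entry["count"] += 1
        entry["flags"].add(m["flags"])
    # Heuristic (assumption): denies logged in only one direction for a pair are
    # consistent with the ASA seeing just one half of the conversation.
    return {
        pair: {**e, "one_way": (pair[1], pair[0]) not in pairs}
        for pair, e in pairs.items()
    }

if __name__ == "__main__":
    for (src, dst), e in summarize_no_connection_denies(SAMPLE).items():
        print(f"{src} -> {dst}: {e['count']} denies, "
              f"flags={sorted(e['flags'])}, one_way={e['one_way']}")
```

The resulting host pairs show how narrow a bypass rule could be kept, since traffic matched by TCP state bypass is no longer tracked statefully by the ASA.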