Inside routes on Cisco ASA

andy_4578
Level 1

Trying to add inside routes on an ASA 5505 to point traffic to another gateway for other connected networks is resulting in the following error:

6 | Sep 16 2008 | 19:13:58 | 106015 | 10.184.236.126 | 50038 | 10.170.54.182 | 3389 | Deny TCP (no connection) from 10.184.236.126/50038 to 10.170.54.182/3389 flags RST on interface inside


I believe the problem is due to the asymmetric TCP connection, and the ASA is dropping the connection because it only sees one half of the traffic.

Is there a way we can stop the firewall dropping the TCP connections on the inside interface? I've tried removing the threat management, which didn't work.

Annoying thing is we're putting the ASA 5505s in to replace old WatchGuard SOHO firewalls, only the WatchGuards forwarded the traffic no problem at all.

Accepted Solutions

Jouni Forss
VIP Alumni

Hi,

I guess most of the time people go with the TCP State bypass.

Here's one link regarding that configuration:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_tcpstatebypass.html

Then again, it would still be better to sort out the network setup so that this can't happen in the first place. I didn't quite get a clear picture of what the network is like.

Usually there is a problem when there's a router behind the ASA and hosts in the network segment between the ASA and LAN router that use the ASA as default gateway. Traffic might first come directly from the router to the host, but the host sends all traffic to the ASA and the ASA drops the connections/traffic.

- Jouni
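
A sketch of the TCP state bypass configuration mentioned in the answer above, added here as an example and not part of the original post or of either poster's configuration. The `INSIDE_BYPASS*` names are hypothetical, the two host addresses and port are taken from the log line in the question, and a real deployment would match the actual subnets involved, which the thread does not give.

```cisco
! Added example: names are hypothetical, addresses come from the
! logged deny (10.184.236.126 -> 10.170.54.182 port 3389).
!
! Traffic matched here skips TCP state checks on the ASA, so keep the
! ACL as narrow as the asymmetric path allows. Avoid "any any".
access-list INSIDE_BYPASS extended permit tcp host 10.184.236.126 host 10.170.54.182 eq 3389
!
class-map INSIDE_BYPASS_CLASS
 description Asymmetric flows seen on inside
 match access-list INSIDE_BYPASS
!
policy-map INSIDE_BYPASS_POLICY
 class INSIDE_BYPASS_CLASS
  set connection advanced-options tcp-state-bypass
!
! An interface takes one service-policy. If inside already has one,
! add the class to that policy-map instead of applying a second.
service-policy INSIDE_BYPASS_POLICY interface inside
!
! Assumption: the routed traffic enters and leaves on the inside
! interface. The ASA only forwards that when this is enabled.
same-security-traffic permit intra-interface
```

Connections handled by the bypass show flag `b` in `show conn`, which is a quick way to confirm that only the intended flows are matching.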
