10-30-2012 02:27 AM - edited 03-11-2019 05:16 PM
First - it may be a newbie's question.
I've configured an ASA 5505 for remote VPN with AnyConnect. It works just fine - from remote I can ping the clients and server inside, I can do RDP or connect via SSH to any machine, map some volumes locally and so on, but:
I cannot connect to Microsoft SQL Server. It uses port 1433 for the first connect and then establishes a dynamic connection. So I am a newbie - what rules or configs am I missing?
Roland
10-30-2012 02:37 AM
Hi,
I would first go through the logs, either from a separate syslog server (if you are using one) OR use the ASDM's real-time monitor to check what happens to connections between the server and your VPN users.
I can't think of anything specific at the moment. Especially since you say all the other connections you take through the VPN are working just fine.
Best situation would be if you could take some logs from the connection attempt and share them here.
- Jouni
10-30-2012 04:18 AM
Hi Jouni
...and thanks for the prompt reply -
here are the interesting lines of the log...
I think I have to do some ACL or NAT exempts to allow dynamic connections between 192.168.100.x and 192.168.0.5 (inside server)?
Roland
snip---snap---snip----snap
6|Oct 30 2012|12:03:10|302016|192.168.100.10|137|swserver|137|Teardown UDP connection 1008420 for outside:192.168.100.10/137 to inside:swserver/137 duration 0:02:04 bytes 150 (roland)
6|Oct 30 2012|12:01:14|302014|192.168.100.10|5126|swserver|139|Teardown TCP connection 1008416 for outside:192.168.100.10/5126 to inside:swserver/139 duration 0:00:30 bytes 0 SYN Timeout (roland)
6|Oct 30 2012|12:01:14|302014|192.168.100.10|5125|swserver|445|Teardown TCP connection 1008415 for outside:192.168.100.10/5125 to inside:swserver/445 duration 0:00:30 bytes 0 SYN Timeout (roland)
6|Oct 30 2012|12:01:14|302014|192.168.100.10|5124|swserver|445|Teardown TCP connection 1008414 for outside:192.168.100.10/5124 to inside:swserver/445 duration 0:00:30 bytes 0 SYN Timeout (roland)
6|Oct 30 2012|12:01:14|302014|192.168.100.10|5123|swserver|445|Teardown TCP connection 1008413 for outside:192.168.100.10/5123 to inside:swserver/445 duration 0:00:30 bytes 0 SYN Timeout (roland)
6|Oct 30 2012|12:01:13|302014|192.168.100.10|5122|swserver|445|Teardown TCP connection 1008412 for outside:192.168.100.10/5122 to inside:swserver/445 duration 0:00:30 bytes 0 SYN Timeout (roland)
6|Oct 30 2012|12:01:05|302015|192.168.100.10|137|swserver|137|Built inbound UDP connection 1008420 for outside:192.168.100.10/137 (192.168.100.10/137) to inside:swserver/137 (swserver/137) (roland)
6|Oct 30 2012|12:00:52|302014|192.168.100.10|5117|swserver|1433|Teardown TCP connection 1008358 for outside:192.168.100.10/5117 to inside:swserver/1433 duration 0:00:30 bytes 0 SYN Timeout (roland)
6|Oct 30 2012|12:00:44|302013|192.168.100.10|5126|swserver|139|Built inbound TCP connection 1008416 for outside:192.168.100.10/5126 (192.168.100.10/5126) to inside:swserver/139 (swserver/139) (roland)
6|Oct 30 2012|12:00:44|302013|192.168.100.10|5125|swserver|445|Built inbound TCP connection 1008415 for outside:192.168.100.10/5125 (192.168.100.10/5125) to inside:swserver/445 (swserver/445) (roland)
6|Oct 30 2012|12:00:44|302013|192.168.100.10|5124|swserver|445|Built inbound TCP connection 1008414 for outside:192.168.100.10/5124 (192.168.100.10/5124) to inside:swserver/445 (swserver/445) (roland)
6|Oct 30 2012|12:00:44|302013|192.168.100.10|5123|swserver|445|Built inbound TCP connection 1008413 for outside:192.168.100.10/5123 (192.168.100.10/5123) to inside:swserver/445 (swserver/445) (roland)
6|Oct 30 2012|12:00:43|302013|192.168.100.10|5122|swserver|445|Built inbound TCP connection 1008412 for outside:192.168.100.10/5122 (192.168.100.10/5122) to inside:swserver/445 (swserver/445) (roland)
6|Oct 30 2012|12:00:22|302013|192.168.100.10|5117|swserver|1433|Built inbound TCP connection 1008358 for outside:192.168.100.10/5117 (192.168.100.10/5117) to inside:swserver/1433 (swserver/1433) (roland)
10-30-2012 07:25 AM
Hi,
The only thing I can see in those logs (that is a problem) is the TCP/445 and TCP/1433 connection attempts from your VPN connection that are getting SYN Timeout. In other words, the local computer hosting the service isn't responding to the connection attempt/initiation.
To my understanding TCP/445 is used for Windows network drive mapping.
So the above logs don't show any connection being blocked by the firewall. They just show connection attempts that aren't being responded to by the device on the LAN.
I guess if you are using a Windows machine as the server, you could check if the services are being "listened" by the server.
- Jouni
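The log reading described in the reply above, as an added example that is not part of the original thread: a Python sketch that takes ASDM log lines in the pipe-delimited layout posted here and counts, per destination and port, the TCP connections the ASA built (302013) and later tore down (302014) with "SYN Timeout" and 0 bytes. The sample lines are copied from the log in this thread; the function and pattern names are hypothetical.

```python
import re
from collections import defaultdict

# Sample lines copied from the ASDM log posted in this thread (newest first).
SAMPLE_LOG = """\
6|Oct 30 2012|12:03:10|302016|192.168.100.10|137|swserver|137|Teardown UDP connection 1008420 for outside:192.168.100.10/137 to inside:swserver/137 duration 0:02:04 bytes 150 (roland)
6|Oct 30 2012|12:01:14|302014|192.168.100.10|5125|swserver|445|Teardown TCP connection 1008415 for outside:192.168.100.10/5125 to inside:swserver/445 duration 0:00:30 bytes 0 SYN Timeout (roland)
6|Oct 30 2012|12:00:52|302014|192.168.100.10|5117|swserver|1433|Teardown TCP connection 1008358 for outside:192.168.100.10/5117 to inside:swserver/1433 duration 0:00:30 bytes 0 SYN Timeout (roland)
6|Oct 30 2012|12:00:44|302013|192.168.100.10|5125|swserver|445|Built inbound TCP connection 1008415 for outside:192.168.100.10/5125 (192.168.100.10/5125) to inside:swserver/445 (swserver/445) (roland)
6|Oct 30 2012|12:00:22|302013|192.168.100.10|5117|swserver|1433|Built inbound TCP connection 1008358 for outside:192.168.100.10/5117 (192.168.100.10/5117) to inside:swserver/1433 (swserver/1433) (roland)
"""

CONN = re.compile(r"(?:Built inbound|Teardown) TCP connection (\d+)")
# Tail of a teardown message: byte count, optional reason, optional (user).
TAIL = re.compile(r"bytes (\d+)((?: [A-Za-z-]+)*?)(?: \(\S+\))?$")


def unanswered(log_text):
    """Count TCP connections built (302013) and torn down (302014) with
    reason 'SYN Timeout' and 0 bytes, keyed by (destination, port)."""
    built, hits = set(), defaultdict(int)
    # ASDM lists newest entries first; reverse to see Built before Teardown.
    for line in reversed(log_text.strip().splitlines()):
        fields = line.split("|", 8)
        if len(fields) != 9:
            continue  # not a pipe-delimited ASDM line
        msg_id, dst, dport, text = fields[3], fields[6], fields[7], fields[8]
        m = CONN.search(text)
        if not m:
            continue  # UDP or unrelated message
        conn_id = m.group(1)
        if msg_id == "302013":
            built.add(conn_id)
        elif msg_id == "302014" and conn_id in built:
            tail = TAIL.search(text)
            if tail and tail.group(1) == "0" and tail.group(2).strip() == "SYN Timeout":
                hits[(dst, int(dport))] += 1
    return dict(hits)


if __name__ == "__main__":
    for (dst, port), n in sorted(unanswered(SAMPLE_LOG).items()):
        print(f"{dst} tcp/{port}: {n} built connection(s) ended in SYN Timeout, 0 bytes")
```
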