NAT issue in ASA 5510 5.2(3)

binoj.savariyar · ‎08-16-2011

Hi,

I am facing some issues on static NAT

after my IOS upgrade from 7.2(3)

I am getting some peculiar error

%ASA-6-302013: Built inbound TCP connection 654734 for dmz:172.19.19.141/27685 (172.19.19.141/27685) to inside:192.168.16.250/3389 (172.19.22.91/3389)

%ASA-6-302014: Teardown TCP connection 654734 for dmz:172.19.19.141/27685 to inside:192.168.16.250/3389 duration 0:00:00 bytes 0 TCP Reset-I

Configuration

static (inside,dmz) 172.19.22.91 192.168.16.250 netmask 255.255.255.255

access-group dmz_in in interface dmz

access-list dmz_in extended permit ip host 172.19.19.141 host 172.19.22.91

I am trying to access a machine in Inside from Dmz

interface Ethernet0/2

nameif dmz

security-level 50

interface Ethernet0/1

nameif inside

security-level 100

varrao · ‎08-16-2011

What OS are you using now??

Try taking captures and check where the packets are getting dropped, it seems that the server is sending a reset to the connection.

https://supportforums.cisco.com/docs/DOC-1222

Thanks,

Varun

Thanks,
Varun Rao

binoj.savariyar · ‎08-16-2011

Hi Varun,

Thanks for your inputs

binoj.savariyar · ‎08-16-2011

IOS is 8.2(4)

praprama · ‎08-31-2011

Hi Binoj,

The hjost in the inside seems to be sending a RST. Are you able to RDP to that inside host (192.168.16.250) from another host in the same inside network?

Regards,

Prapanch