cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
286
Views
0
Helpful
2
Replies

Problem to Access App Server

Reuven Elkabetz
Level 1
Level 1

                   Hi All,

I am using ASA 5520 as device for VPN client connection to the company and I have the following netork layout:

Users connecting to ASA using Cisco VPN client , connecting to Inside interface.

Outside interface connecting to local network , to my FWSM FW.

The App server is connecting in FWSM side.

I can ping both sides but when I am using telnet from the VPN client to the server on port 135 for example, I am receiving SYN Ack and RST Ack from the FWSM.

Any idea what cpuld be the reason?

Thanks,

Reuven

2 Replies 2

Jouni Forss
VIP Alumni
VIP Alumni

Hi,

Are you sure that they are coming from the actual server?

Usually the only thing that the Cisco firewall should do is either Reset a connection or let it timeout when its blocked. Depending on how you have configured the unit to behave in that respect.

Though this document came to mind when I saw what you posted

https://supportforums.cisco.com/docs/DOC-12747

How have you confirmed that the SYN ACK and Reset are coming from the FWSM?

Naturally its hard to say much about this since we cant see any configurations.

Sadly the FWSM doesnt have the "packet-tracer" command either to help us determine that the rules/configurations are correct.

- Jouni

Hi Jouni,

Thanks a lot for your reply.

Actually I ran wireshark on both sides while trying to telnet from the Cisco vpn client to the server that is connected on the FWSM side. I cheched the trace and I saw that IP of the client with the MAC of the FWSM.

The strange thing is that I have ping from client to server but it looks like it is bloking the ports that I want to get.

And I opened both side full IP.

Thanks,

Reuven

Review Cisco Networking for a $25 gift card