03-16-2018 06:27 AM - edited 02-21-2020 07:31 AM
I have a site-to-site connection from network 192.168.173.0/24 to 192.168.149.0/24, with an ASA 5512 and an ASA 5508-X FirePOWER connected.
Here's my problem:
I can access the HTTPS pages from network 192.168.173.0 through network 192.168.149.0 but can't do it the other way around:
Here's the problem:
6 | Mar 16 2018 | 10:21:51 | 302014 | 192.168.173.43 | 51707 | 192.168.149.254 | 443 | Teardown TCP connection 784262 for NET_189.4.2.92:192.168.173.43/51707 to inside:192.168.149.254/443 duration 0:00:30 bytes 0 SYN Timeout |
03-17-2018 11:04 PM
Hello,
It looks like a routing issue on the side where 192.168.149.x network is present. The traffic is getting initiated from 192.168.173.x network but the syn-ack never comes back. Either the host 192.168.149.254 does not have a route back or it is not listening on the desired port.
If there is a layer3 device apart from ASA, you can check routing there as well.
-
HTH
AJ
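The reading of the log line given in the reply above, as an added example that is not part of the thread: a parser for the 302014 teardown text that counts, per endpoint pair, connections that ended in SYN Timeout with 0 bytes. The function names are hypothetical, and the second and third sample lines are constructed.

```python
import re

# Body of the ASA 302014 teardown message, in the shape shown in the log line above.
# The two endpoints are named after the message's own words ("for" / "to").
TEARDOWN = re.compile(
    r"Teardown TCP connection (?P<conn_id>\d+) "
    r"for (?P<for_if>[^:\s]+):(?P<for_ip>[\d.]+)/(?P<for_port>\d+) "
    r"to (?P<to_if>[^:\s]+):(?P<to_ip>[\d.]+)/(?P<to_port>\d+) "
    r"duration (?P<duration>\d+:\d{2}:\d{2}) bytes (?P<bytes>\d+)"
    r"(?: (?P<reason>.+?))?\s*\|?\s*$"
)

def parse_teardown(line):
    """Return the fields of one teardown line as a dict, or None if it is not one."""
    m = TEARDOWN.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("conn_id", "for_port", "to_port", "bytes"):
        rec[key] = int(rec[key])
    return rec

def handshake_failures(lines):
    """Count connections per endpoint pair that ended in SYN Timeout with 0 bytes."""
    counts = {}
    for line in lines:
        rec = parse_teardown(line)
        if rec and rec["reason"] == "SYN Timeout" and rec["bytes"] == 0:
            key = (rec["for_ip"], rec["to_ip"], rec["to_port"])
            counts[key] = counts.get(key, 0) + 1
    return counts

SAMPLE = [
    # Line quoted in the original post.
    "6 | Mar 16 2018 | 10:21:51 | 302014 | 192.168.173.43 | 51707 | 192.168.149.254 | 443 | "
    "Teardown TCP connection 784262 for NET_189.4.2.92:192.168.173.43/51707 "
    "to inside:192.168.149.254/443 duration 0:00:30 bytes 0 SYN Timeout |",
    # Constructed lines, not from the thread.
    "Teardown TCP connection 784300 for NET_189.4.2.92:192.168.173.43/51710 "
    "to inside:192.168.149.254/443 duration 0:00:30 bytes 0 SYN Timeout",
    "Teardown TCP connection 784301 for NET_189.4.2.92:192.168.173.43/51711 "
    "to inside:192.168.149.10/443 duration 0:00:02 bytes 5312 TCP FINs",
]

if __name__ == "__main__":
    for (a, b, port), n in handshake_failures(SAMPLE).items():
        print(f"between {a} and {b}:{port}: {n} connection(s) torn down before the handshake completed")
```

An endpoint pair that shows up here repeatedly while other destinations on the same network complete normally points at the individual host (return route or listener) rather than at the tunnel.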
03-18-2018 03:52 AM
Can you ping from 192.168.149.254 to 192.168.173.43?