Problem with an Application after replacing cisco ASA 5520 with 5515-X

apapakons
Level 1

Hello,

Recently we bought a new firewall, an ASA 5515-X, to replace my ASA 5520. I used the exact commands of the 5520 to configure the access rules of the new 5515-X firewall. When I did the migration and used the new firewall, all web servers worked except one web-application server. I can communicate with the server, but an error is displayed: "No connection could be made to the target machine actively refused it 127.0.0.1:5672". I have an attachment with the error.

Now the strange thing is that I logged in to the server and, with the netstat command, verified that the server's communication on TCP port 5672 is established with its loopback interface without passing through the firewall. Also, the ASA real-time logs did not show any communication of the server on this port. Still, when I placed my old firewall back into my network, the application server worked like a charm. When I tried again to migrate to the 5515-X, I had the same error.

The server is in the DMZ zone and the users are in the internal zone. I have double-checked all the commands of the firewall and I do not have any idea where the problem is. Does the 5515-X filter anything? Can you suggest any troubleshooting to do? In addition, I would like to add that the server, instead of using 127.0.0.1:5672 for the communication with itself, uses IPv6 ::1:5672. Any ideas are welcome.

5 Replies

nkarthikeyan
Level 7

Hi,

I guess there should be some issue with the server. Can you try the settings.....

What worked for me was a combination of both of the prior answers.

Make your /usr/local/etc/rabbitmq/rabbitmq-env.conf look like this:

CONFIG_FILE=/usr/local/etc/rabbitmq/rabbitmq

NODE_IP_ADDRESS=0.0.0.0

NODENAME=rabbit@localhost

(If I remove the NODE_IP_ADDRESS entry completely rabbitmq gives me errors)

Before that, can you try restarting the web-application servers and the ASA?

Regards

Karthik

Thank you for your replies,

I communicated with the web developer who created this application and we disabled the specific service. I verified it by using netstat. This Sunday I will try the migration again and I will follow your suggestions. If the problem persists I will try to log the error from the ASA.

In any case, I would like to thank you both for your help. I feel very obliged to you.

The application error was fixed, only to get another application error with the new firewall ASA 5515-X... I have attached the application to my post. It is very weird how a change of firewall (from 5520 to 5515-X) with a different version of firmware can cause such trouble.

nkarthikeyan
Level 7

Also, can you try the packet-tracer command on the ASA to check whether the flow is correct or not.

packet-tracer input inside tcp <source ip address> <source port> <web application server ip> 5672 detailed

If this gives all-okay and up results, then you do not have any problems in the ASA....

Regards

Karthik

This might be an ARP issue on the server.

I would suggest deleting the ARP cache on the server and then testing the connection.

netsh interface ip delete arpcache

--

Please remember to select a correct answer and rate helpful posts
