SFTP through Cisco ASA

soliver2005
Level 1

Hi,

We are trying to get SFTP working from a server (x.x.128.13) within our network to another company's server (x.x.114.132) which we connect to via the Internet. From our server the connection hits our ASA Firewall where we have rules in place to allow the connection on a customised port of 29052. The firewall then NATs the Source IP of our server to a Public IP (x.x.36.60), thus making it routable on the Internet.

We have done some packet captures on our ingress (inside) interface and egress (internet) interface and we can see that the 3-way TCP handshake is successful between the two servers, but then all further communication fails.

We see no further packets on our ingress interface, but we do see further packets on the egress side. What we see is a "RST+ACK" from the destination server, but this is never passed on to the server within our network. We also see our ACK packet from the 3-way handshake being sent back to the destination server, but again this only appears in the egress capture and is not being sent by the server. Both of these packets repeat about 6 times and then we see nothing further.

I have attached the packet capture.

At the far end the 3rd party doesn't see any of our repeated ACKs, and when the connection works normally through a different infrastructure/firewall we see the 4th packet as a normal packet. The initial payload of this RST+ACK is the same payload we see in the 4th packet when the connection works.

Any help with this would be appreciated.

Regards

Stuart
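
One way to make the symptom described in this post concrete is to correlate the two ASA captures per flow, undoing the source NAT so that inside and outside packets can be matched, and then list which packets one interface saw but the other did not. The script below is an added example and is not from the post or from Cisco; it assumes the captures were exported as pcap and converted to tcpdump-style text (e.g. `tcpdump -nn -r capture.pcap`), and it uses documentation addresses as placeholders for the x.x.128.13, x.x.36.60 and x.x.114.132 hosts.

```python
import re
from collections import Counter

# Constructed tcpdump-style lines standing in for the two ASA captures.
# Placeholder addresses: 10.1.128.13 = inside server, 203.0.113.60 = its
# NATed public address, 198.51.100.132 = the far-end SFTP server (port 29052).
INSIDE_CAPTURE = """
12:00:00.000001 IP 10.1.128.13.41234 > 198.51.100.132.29052: Flags [S], seq 100, win 8192, length 0
12:00:00.020000 IP 198.51.100.132.29052 > 10.1.128.13.41234: Flags [S.], seq 500, ack 101, win 65535, length 0
12:00:00.020100 IP 10.1.128.13.41234 > 198.51.100.132.29052: Flags [.], ack 501, win 8192, length 0
""".strip().splitlines()

OUTSIDE_CAPTURE = """
12:00:00.000010 IP 203.0.113.60.41234 > 198.51.100.132.29052: Flags [S], seq 100, win 8192, length 0
12:00:00.019990 IP 198.51.100.132.29052 > 203.0.113.60.41234: Flags [S.], seq 500, ack 101, win 65535, length 0
12:00:00.020110 IP 203.0.113.60.41234 > 198.51.100.132.29052: Flags [.], ack 501, win 8192, length 0
12:00:00.040000 IP 198.51.100.132.29052 > 203.0.113.60.41234: Flags [R.], seq 501, ack 101, win 0, length 0
12:00:01.020110 IP 203.0.113.60.41234 > 198.51.100.132.29052: Flags [.], ack 501, win 8192, length 0
12:00:01.040000 IP 198.51.100.132.29052 > 203.0.113.60.41234: Flags [R.], seq 501, ack 101, win 0, length 0
""".strip().splitlines()

# Source NAT applied by the firewall (assumed mapping), used to translate
# outside addresses back so packets can be matched against the inside capture.
NAT = {"203.0.113.60": "10.1.128.13"}

PKT = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\]")

def parse(lines, nat=None):
    """Return (src, dst, flags) tuples, with NATed addresses mapped back to inside addresses."""
    nat = nat or {}
    pkts = []
    for line in lines:
        m = PKT.match(line.strip())
        if m:
            src, sport, dst, dport, flags = m.groups()
            pkts.append((f"{nat.get(src, src)}:{sport}", f"{nat.get(dst, dst)}:{dport}", flags))
    return pkts

def diagnose(inside_lines, outside_lines, nat):
    """Compare both captures for one flow and report packets seen on only one interface."""
    inside, outside = parse(inside_lines), parse(outside_lines, nat)
    client, server, _ = next(p for p in inside if p[2] == "S")  # first SYN identifies the flow
    handshake = {(client, server, "S"), (server, client, "S."), (client, server, ".")}
    seen_in, seen_out = Counter(inside), Counter(outside)
    return {
        "handshake_complete": handshake <= set(inside) and handshake <= set(outside),
        "outside_only": dict(seen_out - seen_in),  # on egress but never forwarded to the inside server
        "inside_only": dict(seen_in - seen_out),   # on ingress but never sent out of the firewall
    }

if __name__ == "__main__":
    for key, val in diagnose(INSIDE_CAPTURE, OUTSIDE_CAPTURE, NAT).items():
        print(key, val)
```

With the constructed data the report shows the handshake completing on both sides, the far end's RST+ACK appearing twice on the outside only, and one extra copy of our ACK on the outside only, which is the pattern the post describes.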
