I have the following setup:
|| Socks Server || >> Switch1 >> ||Cisco 5520 ASA || -->> | Switch 2| -->> Clients
I have an SSH SOCKS tunnel set up on the SOCKS server, which is a Linux box.
When I connect my machine to Switch 2, I am NOT able to receive any mail by setting up a mail client, and it seems SOCKS traffic does not reach the SOCKS server. I can, however, run a telnet command on port 1080 (the SOCKS port), which connects, which shows that the port was going through and open. However, there was no SOCKS traffic.
When I connected the machine to Switch 1, SOCKS traffic worked as expected and I was able to receive mail.
This suggests to me that the ASA has some inherent rule that does not allow SOCKS traffic...
Is this true, and if so, how can I bypass this?
Since you mentioned that when bypassing the Cisco ASA FW the SOCKS connection works fine, it’s clear that the Cisco FW is the issue here. Cisco FW doesn’t support SOCKS running on it, but it can pass SOCKS traffic through, since it uses TCP. I’m assuming that routing from the client to the server is good, hence you’re able to ping the server from the client.
My guess is that permitting TCP/1080 isn’t enough to get this connection through. Perhaps more TCP ports need to be permitted. To confirm this, you could perform the following:
Place your workstation on Switch1 and Switch2, run Wireshark and initiate the communication. With both of these packet captures, you’ll be able to see the TCP port numbers needed to have a successful communication between the client and the server.
Issue the “clear service-policy” command, initiate the communication, and capture the “show service-policy” output to ensure the Cisco ASA FW isn’t dropping any packets.
P.S.: If you think this comment is useful, please do rate it nicely :-)
Thank you for your reply.
I have actually also tested by allowing all traffic to our SOCKS servers, and that still does not work, which is why I am led to believe that the Cisco ASA has an inherent rule that blocks SOCKS traffic. Although I do not see that in the logs.
I strongly believe you've a Cisco FW configuration error, assuming routing is all fine :-) This is because SOCKS works based on TCP.
If you'd like, we could do a quick TeamViewer session to look into this matter. Let me know if you're keen.
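Added example, not part of the original thread: the telnet test in the question only proves that the TCP handshake on port 1080 completes, so this Python probe also sends the SOCKS5 greeting from RFC 1928 and reports whether the server's method-selection reply comes back. The function name `probe_socks5` and the result strings are hypothetical, and it assumes the server accepts SOCKS5 with no authentication.

```python
import socket
import sys

# RFC 1928 client greeting: VER=5, NMETHODS=1, METHOD=0x00 (no authentication)
SOCKS5_GREETING = b"\x05\x01\x00"


def probe_socks5(host, port=1080, timeout=3.0):
    """Classify how far a SOCKS5 negotiation gets.

    Returns one of: 'tcp_failed', 'no_socks_reply', 'not_socks5',
    'method_rejected', 'socks_ok'.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "tcp_failed"          # SYN dropped/refused: ACL or routing problem
    reply = b""
    with sock:
        sock.settimeout(timeout)
        try:
            sock.sendall(SOCKS5_GREETING)
            while len(reply) < 2:    # the reply is exactly two bytes: VER, METHOD
                chunk = sock.recv(2 - len(reply))
                if not chunk:        # peer closed without answering
                    break
                reply += chunk
        except OSError:              # timeout or reset after the TCP handshake
            return "no_socks_reply"
    if len(reply) < 2:
        return "no_socks_reply"      # TCP is open but the payload exchange fails
    if reply[0] != 5:
        return "not_socks5"          # something other than a SOCKS5 server replied
    return "socks_ok" if reply[1] == 0x00 else "method_rejected"


if __name__ == "__main__":
    # Usage: python probe.py <socks-server> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 1080
    print(probe_socks5(target, target_port))
```

Running it from a client on each switch separates the cases: `tcp_failed` points at filtering or routing of the connection itself, while `no_socks_reply` from behind the firewall alongside `socks_ok` next to the server means something in the path interferes after the TCP handshake.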