08-08-2013 11:32 AM - edited 03-11-2019 07:23 PM
Hi Everyone,
On the ASA I allowed a rule to access the server on port http.
access-list Net_PC_access_in line 50 extended permit tcp host 192.168.50.12 host 192.168.55.188 eq http
After allowing this rule I can see hit counts on the rule, but the user is still unable to access the server via http.
Logs from ASA
Built outbound TCP connection 354050568 for Net:192.168.55.188/80 (192.168.55.188/80) to Net_PC_access_in:192.168.50.12/57524 (192.168.50.12/57524)
Teardown TCP connection 354050427 for Net:192.168.55.188/80 to Net_PC_access_in:192.168.50.12/57522 duration 0:00:30 bytes 0 SYN Timeout
where 192.168.55.188 is the server IP
192.168.50.12 is the user PC.
I checked routing on the ASA; it has a route to the PC from the interface where the server is connected.
What should I check next?
I can access the same server from another subnet.
Regards
Mahesh
08-08-2013 12:37 PM
Hi Mahesh,
If we see the "Built outbound TCP connection...." log message on the firewall, that means the connection has gone through the firewall.
The "Teardown TCP connection..." log message in this case indicates that the connection timed out because the remote end (server) didn't reply to the attempt of the user to form the TCP HTTP connection.
The log messages you posted, by the way, aren't messages from the same connection. You can look at the connection number (or even the source port) and see that they are messages for a different connection.
I would have to say that the most common reason is that there is some routing problem, software firewall or problem with the actual service on the server.
But you say that the server can be accessed from other hosts? Are these hosts from the same network as the user 192.168.50.12?
I am afraid it will be hard to say anything specific about this without seeing the configuration.
- Jouni
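The correlation described in the answer above, as an added example that is not part of the original thread: it pairs ASA "Built" and "Teardown" messages by connection number and picks out the teardowns that report SYN Timeout with 0 bytes. The function names are assumptions made for this example, and the sample input is the two log lines quoted in the question.

```python
import re

# Patterns for the two ASA message bodies quoted in the thread.
BUILT = re.compile(
    r"Built (?P<dir>inbound|outbound) TCP connection (?P<id>\d+) for "
    r"(?P<if_a>[^:\s]+):(?P<ip_a>[\d.]+)/(?P<port_a>\d+) \([^)]*\) to "
    r"(?P<if_b>[^:\s]+):(?P<ip_b>[\d.]+)/(?P<port_b>\d+)")
TEARDOWN = re.compile(
    r"Teardown TCP connection (?P<id>\d+) for .*? duration (?P<dur>[\d:]+) "
    r"bytes (?P<bytes>\d+)(?: (?P<reason>.+))?$")

def correlate(lines):
    """Group Built and Teardown messages by connection number."""
    conns = {}
    for line in lines:
        for kind, rx in (("built", BUILT), ("teardown", TEARDOWN)):
            m = rx.search(line.strip())
            if m:
                conns.setdefault(m["id"], {})[kind] = m.groupdict()
    return conns

def unpaired(conns):
    """Connection numbers seen in only one of the two message types."""
    return sorted(cid for cid, c in conns.items() if len(c) == 1)

def syn_timeouts(conns):
    """Connection numbers whose teardown reports SYN Timeout with 0 bytes,
    i.e. the handshake through the firewall was never answered."""
    return sorted(
        cid for cid, c in conns.items()
        if "teardown" in c
        and c["teardown"]["reason"] == "SYN Timeout"
        and c["teardown"]["bytes"] == "0")

# The two log lines exactly as posted in the question.
POSTED = [
    "Built outbound TCP connection 354050568 for Net:192.168.55.188/80 "
    "(192.168.55.188/80) to Net_PC_access_in:192.168.50.12/57524 (192.168.50.12/57524)",
    "Teardown TCP connection 354050427 for Net:192.168.55.188/80 to "
    "Net_PC_access_in:192.168.50.12/57522 duration 0:00:30 bytes 0 SYN Timeout",
]

if __name__ == "__main__":
    conns = correlate(POSTED)
    print("unpaired connection numbers:", unpaired(conns))
    print("SYN Timeout with 0 bytes:", syn_timeouts(conns))
```

Run against the posted lines, both connection numbers come back as unpaired, which is the mismatch the answer points out.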