04-23-2013 03:02 PM - edited 03-11-2019 06:33 PM
Hi everyone,
ASA has 2 interfaces, say x and y.
From interface x, when on subnet, say, 171.31.0.0 mask /24, I am able to SSH to the server.
ASA shows hit counts.
When on subnet 171.23, SSH does not work. Logs show tcp reset 0, that's from interface y.
Both subnets have connection from interface x to the server, which is on ASA interface y.
I check IP on interface x, it shows 171.15.0.0/12.
Thanks
MAhesh
04-23-2013 07:14 PM
Hi,
I would imagine that you have some "object-group network" or "object network" or some such object used in the ACL and when you keep your mouse over the object it shows the IP address/network configured under it.
I can't really say for sure as I don't use ASDM in general.
- Jouni
04-24-2013 10:44 AM
Hi Jouni,
Seems there was another firewall in between the server that did not have an ACL to allow the user subnet.
So it was blocking the connection.
Many thanks for all the answers.
Best regards
MAhesh
04-24-2013 10:49 AM
Ok,
Glad it's working now.
It seems that the firewall that is between is either an ASA that is configured differently from the default operation OR it's a firewall from a different manufacturer.
ASA firewalls by default don't send TCP Reset to connections that they block (BUT they can be configured to do this). By default the connection will simply time out and your ASA would have then seen a Teardown message with SYN Timeout (instead of TCP Reset-O). Seems that this firewall in between just immediately resets the TCP connection if it's not allowed according to the firewall's rules.
- Jouni
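The difference between a Reset teardown and a SYN Timeout described in the reply above can be checked in bulk from the ASA's syslog. The following is an added example, not part of any post in this thread: it parses %ASA-6-302014 teardown lines and groups them by what the teardown reason suggests. The sample log lines are constructed, and the verdict labels are this example's own names.

```python
import re
from collections import Counter

# Constructed sample in the ASA 302014 teardown format; interface names x/y
# follow the thread, all addresses, ports and connection ids are made up.
SAMPLE_LOG = """\
%ASA-6-302014: Teardown TCP connection 1001 for x:171.31.0.10/51000 to y:10.1.1.5/22 duration 0:02:11 bytes 48213 TCP FINs
%ASA-6-302014: Teardown TCP connection 1002 for x:171.23.0.20/51001 to y:10.1.1.5/22 duration 0:00:00 bytes 0 TCP Reset-O
%ASA-6-302014: Teardown TCP connection 1003 for x:171.23.0.21/51002 to y:10.1.1.5/22 duration 0:00:00 bytes 0 TCP Reset-O
%ASA-6-302014: Teardown TCP connection 1004 for x:171.23.0.22/51003 to y:10.9.9.9/22 duration 0:00:30 bytes 0 SYN Timeout
"""

TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (?P<id>\d+) "
    r"for (?P<if1>[^:\s]+):(?P<ip1>[\d.]+)/(?P<port1>\d+)(?: \([^)]*\))? "
    r"to (?P<if2>[^:\s]+):(?P<ip2>[\d.]+)/(?P<port2>\d+)(?: \([^)]*\))? "
    r"duration (?P<dur>\d+:\d\d:\d\d) bytes (?P<bytes>\d+)"
    r"(?: (?P<reason>[^()]+?))?(?: \([^)]*\))?\s*$"  # optional reason, optional (user)
)

def parse_teardown(line):
    """Return a dict for a 302014 line, or None if the line does not match."""
    m = TEARDOWN.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = int(rec["bytes"])
    rec["reason"] = (rec["reason"] or "").strip()
    return rec

def classify(rec):
    """Map a teardown reason to what it suggests about the path."""
    if rec["reason"].startswith("TCP Reset") and rec["bytes"] == 0:
        return "reset-before-data"   # something on the path, or the server, sent RST
    if rec["reason"] == "SYN Timeout":
        return "no-answer"           # SYN was dropped silently or the host is down
    return "other"

def summarise(log_text):
    """Count verdicts per (first endpoint ip, second endpoint ip/port)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_teardown(line)
        if rec:
            counts[(rec["ip1"], f'{rec["ip2"]}/{rec["port2"]}', classify(rec))] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(summarise(SAMPLE_LOG).items()):
        print(n, *key)
```

A run of zero-byte Reset teardowns for one source subnet while another subnet completes sessions to the same server points at a filtering device or the server rejecting that subnet, rather than at the ASA's own ACL.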
04-24-2013 10:54 AM
Hi Jouni,
You got it, it's configured differently in non-routed mode.
Thanks
MAhesh