07-01-2020 04:02 PM
Hi,
To comply with the hospital's rules, we moved the Sectra PACS servers behind an ASA-5585 Data Center firewall.
The issue is that medical staff can't browse the images once the PACS servers are behind the firewall.
The servers are pingable from workstations on the hospital campus, but browsing the X-ray images fails; things go back to normal once the change is rolled back.
The firewall rules have been relaxed to allow IP traffic from the workstation we are using for testing to the PACS security zone.
Appreciate your input
Thanks
Sam
07-01-2020 10:46 PM
Hi,
If your ACL is permitting the traffic OK, then perhaps the traffic is being unintentionally NATted?
Can you provide the output of "show nat detail" and let us know the source and destination IP addresses?
Can you run packet-tracer from the CLI to simulate the traffic and provide the output for review?
HTH
07-02-2020 01:15 PM
Hi
There is no NAT; the firewall is a Data Center model running software image 9.6. NAT is disabled by default.
Packet-tracer output is not available. I did roll back; I may collect it on the next try, but ping is working.
thanks
07-02-2020 01:42 PM
Can you provide the configuration of the ASA? And indicate the source and destination IP addresses of the devices in question.
07-05-2020 01:52 AM
Hi
Thank you so much for your interest. I have attached the ASA configuration. The X-ray servers (destination) are on the 172.16.34.0 network, and the source is any IPv4 address coming from the hospital campus.
I suspect the IPS; it could be halting the traffic. Or probably the MTU size: the X-ray (PACS) traffic might require jumbo frames. Anyway, I am waiting for your assessment.
Thanks
07-05-2020 03:40 AM - edited 07-05-2020 03:55 AM
The X-ray server (destination) is residing on the OUTSIDE interface. Where are the source IP addresses coming from? You have to provide more information in a clearer format. We can't help you without a clear understanding; we need more information to help you.
I am curious: if your destination is on the outside interface and your source IP addresses are behind the firewall, in that case you might need NAT/ACLs in place.
Looking into your configuration, "Interface Port-channel10.333 SZ_333" is in shutdown.
Can you show us the output of this command?
packet-tracer input OUTSIDE tcp 192.168.100.25 12345 172.16.34.52 443
(* 192.168.100.25 is your source IP address)
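The replies above ask for packet-tracer output and for a check that nothing is being NATted unexpectedly. As an added example (not code from the thread, from Cisco, or from the poster), the Python below parses packet-tracer output and reports the first phase that drops the flow, the final Drop-reason, and any NAT phase that matched. The two sample traces are constructed to resemble ASA 9.x output for the suggested command; the egress interface name "PACS", the ACL/NAT object names, and the exact field labels are assumptions to check against your own device.

```python
"""Parse Cisco ASA packet-tracer output and report where and why a flow stops.

Added example, not code from the thread or from Cisco. Sample traces are
constructed; the interface "PACS", the object/ACL names and the exact field
labels are assumptions that vary by ASA version.
"""
import re

# Constructed sample: ACL on OUTSIDE denies the flow toward the PACS zone.
SAMPLE_DROPPED = """\
Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop 172.16.34.52 using egress ifc PACS

Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: DROP
Config:
access-group OUTSIDE_in in interface OUTSIDE
access-list OUTSIDE_in extended deny ip any any
Additional Information:

Result:
input-interface: OUTSIDE
output-interface: PACS
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

# Constructed sample: ACL permits, but a dynamic PAT rule (assumed) rewrites the source.
SAMPLE_ALLOWED = """\
Phase: 1
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group OUTSIDE_in in interface OUTSIDE
access-list OUTSIDE_in extended permit tcp any 172.16.34.0 255.255.255.0 eq https
Additional Information:

Phase: 2
Type: NAT
Subtype:
Result: ALLOW
Config:
object network OUTSIDE_any
 nat (OUTSIDE,PACS) dynamic interface
Additional Information:
Dynamic translate 192.168.100.25/12345 to 172.16.34.1/12345

Result:
input-interface: OUTSIDE
output-interface: PACS
Action: allow
"""

_PHASE = re.compile(r"^Phase:\s*(\d+)$")


def parse_packet_tracer(text):
    """Return (phases, summary): one dict per 'Phase: N' block, plus the final 'Result:' block."""
    phases, summary, cur, section = [], {}, None, None
    for line in text.splitlines():
        line = line.rstrip()
        m = _PHASE.match(line)
        if m:
            cur = {"number": int(m.group(1)), "type": "", "subtype": "",
                   "result": "", "config": [], "info": []}
            phases.append(cur)
            section = None
        elif line == "Result:":            # bare "Result:" opens the final summary block
            section = "summary"
        elif section == "summary" and ":" in line:
            k, v = line.split(":", 1)
            summary[k.strip()] = v.strip()
        elif cur is None or not line:
            continue
        elif line.startswith("Type:"):
            cur["type"] = line[5:].strip()
        elif line.startswith("Subtype:"):
            cur["subtype"] = line[8:].strip()
        elif line.startswith("Result:"):   # per-phase verdict, e.g. "Result: DROP"
            cur["result"] = line[7:].strip().upper()
        elif line == "Config:":
            section = "config"
        elif line == "Additional Information:":
            section = "info"
        elif section in ("config", "info"):
            cur[section].append(line.strip())
    return phases, summary


def first_drop(phases):
    """First phase whose Result is DROP: the point where the ASA discarded the packet."""
    return next((p for p in phases if p["result"] == "DROP"), None)


def nat_phases(phases):
    """Phases where a NAT rule matched; a hit you did not expect is the 'unintentional NAT' case."""
    return [p for p in phases if "NAT" in p["type"].upper()]


def diagnose(text):
    """One-line verdict: action, interfaces, dropping phase and Drop-reason, any NAT hit."""
    phases, summary = parse_packet_tracer(text)
    path = f'{summary.get("input-interface", "?")} -> {summary.get("output-interface", "?")}'
    nat = nat_phases(phases)
    note = f' (NAT hit: {"; ".join(nat[0]["info"])})' if nat else ""
    if summary.get("Action", "").lower() == "allow":
        return f"allow {path}{note}"
    p = first_drop(phases)
    where = f'phase {p["number"]} {p["type"]}' if p else "final result"
    return f'drop {path} at {where}: {summary.get("Drop-reason", "")}{note}'


if __name__ == "__main__":
    for name, sample in (("dropped", SAMPLE_DROPPED), ("allowed", SAMPLE_ALLOWED)):
        print(f"{name}: {diagnose(sample)}")
```

Paste the real packet-tracer output into `diagnose()`; when the verdict is "allow" with no NAT hit and the application still fails, the ASA policy path is clean and the remaining suspects from this thread (the IPS module, MTU) are worth checking next.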
07-05-2020 05:35 AM
Hi
The destination server looks as if it is on the OUTSIDE because I rolled back the change until I figure out what the problem is.
Thanks