12-16-2010 07:51 AM - edited 03-11-2019 12:23 PM
Hello,
We currently have an ASA running 7.2(2). We have NAT rules set up to change XXX.XXX.93.106 to 10.70.8.31 on port 636 for external LDAP connection. This rule is working without a problem for two of our external websites.
We are trying to connect to another site but I continue to receive these messages:
6 Dec 16 2010 10:31:49 106015 75.126.254.94 xxx.xxx.93.106 Deny TCP (no connection) from 75.126.254.94/57631 to xxx.xxx.93.106/636 flags FIN ACK on interface VPN_Outside
6 Dec 16 2010 10:31:49 106015 75.126.254.94 xxx.xxx.93.106 Deny TCP (no connection) from 75.126.254.94/57631 to xxx.xxx.93.106/636 flags ACK on interface VPN_Outside
Here are the rules allowing traffic on port 636:
access-list VPN_Outside_access_in extended permit tcp object-group Wikispaces_LDAP host xxx.xxx.93.106 eq ldaps
Here are the IP addresses in Wikispaces_LDAP:
object-group network Wikispaces_LDAP
network-object host 75.126.102.45
network-object host 75.126.254.94
network-object host 208.43.219.254
network-object host 75.126.102.43
network-object host 208.43.219.251
network-object host 75.126.254.93
network-object host 75.126.102.44
network-object host 75.126.254.92
network-object host 208.43.205.127
network-object host 66.228.116.239
network-object host 208.43.219.250
Any ideas?
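
Added example, not part of the original post: ASA message 106015 is logged when a TCP packet matches no entry in the connection table, which is a separate check from the interface access-list. The Python below parses the two posted log lines and compares the source with the posted Wikispaces_LDAP members; the function name `triage` and the verdict labels are made up for this illustration.

```python
import re

# Syslog lines and object-group members as posted above (addresses masked by the poster).
LOGS = [
    "6 Dec 16 2010 10:31:49 106015 75.126.254.94 xxx.xxx.93.106 Deny TCP (no connection) "
    "from 75.126.254.94/57631 to xxx.xxx.93.106/636 flags FIN ACK on interface VPN_Outside",
    "6 Dec 16 2010 10:31:49 106015 75.126.254.94 xxx.xxx.93.106 Deny TCP (no connection) "
    "from 75.126.254.94/57631 to xxx.xxx.93.106/636 flags ACK on interface VPN_Outside",
]
WIKISPACES_LDAP = {
    "75.126.102.45", "75.126.254.94", "208.43.219.254", "75.126.102.43",
    "208.43.219.251", "75.126.254.93", "75.126.102.44", "75.126.254.92",
    "208.43.205.127", "66.228.116.239", "208.43.219.250",
}

MSG_106015 = re.compile(
    r"\b106015\b.*?Deny TCP \(no connection\) from (?P<src>[^/\s]+)/(?P<sport>\d+) "
    r"to (?P<dst>[^/\s]+)/(?P<dport>\d+) flags (?P<flags>[A-Z ]+?) +on interface (?P<ifc>\S+)"
)

def triage(line, permitted=WIKISPACES_LDAP, port=636):
    """Classify one 106015 line; returns None for any other message."""
    m = MSG_106015.search(line)
    if m is None:
        return None
    flags = m["flags"].split()
    in_group = m["src"] in permitted
    # Only a bare SYN opens a connection; any other flag combination has to
    # match an existing connection-table entry or it is logged as 106015.
    mid_stream = flags != ["SYN"]
    if in_group and int(m["dport"]) == port and mid_stream:
        # The access-list permits this source; the packet simply has no tracked
        # connection (for example one already closed or timed out).
        verdict = "stateful-drop"
    elif not in_group:
        verdict = "source-not-in-group"  # the permit rule would not match this source
    else:
        verdict = "review"
    return {"src": m["src"], "dport": int(m["dport"]), "flags": flags,
            "interface": m["ifc"], "in_group": in_group, "verdict": verdict}

if __name__ == "__main__":
    for line in LOGS:
        print(triage(line))
```

Both posted lines come back as `stateful-drop`: the source is a member of the permitted group and the packets carry FIN ACK or ACK rather than SYN.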