I have a simple network pictured above. The Firewalls are ASA5505's.
I have it setup just like the picture. THe left ASA has an ISP and is the default gateway of the 10.10.4.0 net.
The right ASA is the default gatewy for the 172.16.7.0 net, and has a seperate ISP connection.
I wanted to connect the networks(I had the oppurtunity), so I created a new interface on the right ASA and gave it an IP on the 10.10.4.0 net.
I created the same-sec intra and inter commands, and created a static route statment on the left ASA.
The switches are dumb(No layer 2 or layer 3 configs)
I can ping across, anhy host to any host. Both ways, no questions asked.
I cannot get any other service to work, no RDP, no CIFS, SAMBA, HTTP, no nothing. I have no idea what I may be missing.
I should note that the ASA's have no access-lists configured for any interface, just the defaults. The only access lists configure are the outside_acces_in lists for NAT and firewall purposes.
I have even gone through and added ip any any rules on all interfaces with no luck.
Based on what little information you provided, my best guess is that the traffic might be subject to nat in any direction on any of the two ASA's.
You probably have already found the link below which covers the topic quite extensively from a troubleshooting angle:
Can you please post the out of the following from both the Firewalls :-
sh run interface
sh int ip bri
Just want to help answer my posts. I found the answer for this. What's happening is that the ASA see's the TCP traffic going there, but the router sends it straight to the host on the return, therefore, the ASA doesn't see the correct tcp sequence, and kills the connection.
I worked around this using a feature called TCP-State-Bypass. You can find more details on it using this doc:
Just want to make sure for those googling, that there is an answer.