SYN issue on Static NAT

srsiddiqui2007 · ‎11-13-2012

I am having a SYN issues when configuring Static Route with NAT / PAT. Below configuration was working 
absolutely fine till i added some more commands (BOLD ones) so that my other internal website 
is accessible over internet. Whenever i try to access the website over internet i am getting 
SYN error on Syslog.

access-list 201 extended permit ip any any
access-list 201 extended permit tcp any host (Public IP) eq https inactive

global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 10.10.1.0 255.255.255.0
nat (inside1) 1 192.168.3.51 255.255.255.255
static (inside1,outside) tcp interface www 192.168.3.32 www netmask 255.255.255.255

access-group 201 in interface outside


access-list 201 extended permit tcp any interface outside eq 4026

static (inside1,outside) tcp interface 4026 192.168.3.34 4026 netmask 255.255.255.255



Local4.Info     192.168.3.50     %ASA-6-302014: Teardown TCP connection 257819 for outside:
115.x.x.x/53208 to inside1:192.168.3.34/4026 duration 0:00:30 bytes 0 SYN Timeout
Local4.Info     192.168.3.50     %ASA-6-302013: Built inbound TCP connection 257820 for outside:
115.x.x.x/53225 (115.x.x.x/53225) to inside1:192.168.3.34/4026 (1.2.3.4/4026)

cadet alain · ‎11-13-2012

Hi,

-have you tried from inside to this port ?

-does this server has a correct default route to reply ?

- isn't there any software firewall on this machine that could prevent communication ?

Regards.

Alain

Don't forget to rate helpful posts.

srsiddiqui2007 · ‎11-13-2012

-have you tried from inside to this port ?

Yes, the website is working fine from Inside LAN

-does this server has a correct default route to reply ?

yes, the default gateway of Server is 192.168.3.50 (inside1)

- isn't there any software firewall on this machine that could prevent communication ?

No software firewall enabled