01-20-2009 06:21 PM
Hi, I want to put a Polycom behind the ASA5505. The ASA is connected to the internet by an ADSL link and is connected to the LAN by a router gateway.
The router gateway has the IP 10.10.244.253 255.255.252.0
The ASA inside interface has the IP 10.10.244.252 255.255.252.0
The Polycom has the IP 10.10.244.51 255.255.252.0
The ASA has the default route to the ADSL-LINK and has a static route to the LAN pointed to the router gateway.
The Polycom gateway is the ASA 10.10.244.252. Then when the Polycom needs to connect with a device on the internet it goes by ADSL-INTERNET, and when it needs to connect it goes by the LAN's router gateway.
But I get this error: when I try to connect with a device in the LAN, ICMP works but TCP and UDP connections do not.
__________________________________________
%ASA-6-106015: Deny TCP (no connection) from 201.155.93.3/62596 to 187.133.33.210/61115 flags RST ACK on interface outside
%ASA-6-106015: Deny TCP (no connection) from 201.155.93.3/1720 to 187.133.33.210/61114 flags RST ACK on interface outside
%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/61111 to 10.10.237.150/1720 flags RST on interface inside
%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/1720 to 10.10.237.150/1027 flags SYN ACK on interface inside
%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/61112 to 10.10.237.150/1720 flags RST on interface inside
%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/1720 to 10.10.237.150/1027 flags SYN ACK on interface inside
%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/1720 to 10.10.237.150/1027 flags SYN ACK on interface inside
%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/1720 to 10.10.237.150/1027 flags SYN ACK on interface inside
%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/1720 to 10.10.237.150/1027 flags SYN ACK on interface inside
%ASA-6-302015: Built outbound UDP connection 660 for inside:10.10.237.150/33434 (10.10.237.150/33434) to NP Identity Ifc:10.10.244.252/49158 (10.10.244.252/49158)
________________________________________
Do you know how I can fix it?
Thanks.
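Added example, not part of the original post: a small Python triage over the 106015 lines quoted above that counts denied SYN ACK packets per flow. A SYN ACK dropped as "no connection" means the ASA holds no state for the handshake it belongs to, which is the detail to confirm with a capture. Function names are illustrative, and the sample input is a subset of the log lines in the post.

```python
import re
from collections import Counter

# Subset of the log lines quoted in the post above.
SAMPLE = """\
%ASA-6-106015: Deny TCP (no connection) from 201.155.93.3/62596 to 187.133.33.210/61115 flags RST ACK on interface outside
%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/61111 to 10.10.237.150/1720 flags RST on interface inside
%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/1720 to 10.10.237.150/1027 flags SYN ACK on interface inside
%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/1720 to 10.10.237.150/1027 flags SYN ACK on interface inside
%ASA-6-302015: Built outbound UDP connection 660 for inside:10.10.237.150/33434 (10.10.237.150/33434) to NP Identity Ifc:10.10.244.252/49158 (10.10.244.252/49158)
"""

PATTERN = re.compile(
    r"%ASA-\d-106015: Deny TCP \(no connection\) from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"flags (?P<flags>[A-Z ]+?) on interface (?P<ifc>\S+)"
)

def parse_106015(text):
    """Return one dict per 106015 line; other message IDs are skipped."""
    events = []
    for line in text.splitlines():
        m = PATTERN.search(line)
        if m:
            ev = m.groupdict()
            ev["flags"] = frozenset(ev["flags"].split())
            events.append(ev)
    return events

def one_sided_handshakes(events):
    """Count denied SYN ACK packets per (interface, responder, initiator).

    The firewall saw the reply but has no connection entry for it,
    so the matching SYN is not in its connection table.
    """
    hits = Counter()
    for ev in events:
        if ev["flags"] == {"SYN", "ACK"}:
            responder = f'{ev["src"]}/{ev["sport"]}'
            hits[(ev["ifc"], responder, ev["dst"])] += 1
    return hits

if __name__ == "__main__":
    found = one_sided_handshakes(parse_106015(SAMPLE))
    for (ifc, responder, initiator), n in found.items():
        print(f"{n}x SYN ACK from {responder} to {initiator} denied on "
              f"{ifc}: no matching SYN in the connection table")
```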
01-21-2009 05:01 AM
Hi,
Can you paste the config along with the ACLs you have?
Thanks,
Vlad
01-21-2009 07:36 AM
01-21-2009 08:28 AM
1st
Have you tried both the ACLs:
access-list inside-access-list extended permit ip any any
access-list outside-access-list permit ip any any
access-list outside-access-list permit tcp any any
access-list outside-access-list permit udp any any
Second, did you try a capture on the inside of the ASA?
capture polycom int inside
Can you post the capture output?
Try the NAT 0 for the return traffic as well:
access-list nonat extended permit ip 10.0.0.0 255.0.0.0 10.10.244.0 255.255.255.0
3rd:
Is everything else working?
Regards,
Vlad
07-05-2018 01:56 PM
How did you solve this? We are having the same issue with a pair of ASA5516's.
Thanks,
Alex