Polycom behind ASA

arturo.guzman
Level 1

Hi, I want to put a Polycom behind the ASA5505. The ASA is connected to the internet by an ADSL link and is connected to the LAN by a router gateway.

The router gateway has the IP 10.10.244.253 255.255.252.0

The ASA inside interface has the IP 10.10.244.252 255.255.252.0

The Polycom has the IP 10.10.244.51 255.255.252.0

The ASA has the default route to the ADSL-LINK and has a static route to the LAN pointed to the router gateway.

The Polycom gateway is the ASA 10.10.244.252. Then when the Polycom needs to connect with a device on the internet it goes by ADSL-INTERNET, and when it needs to connect it goes by the LAN's Router Gateway.

But I get this error: when I try to connect with a device in the LAN, ICMP works but TCP and UDP connections do not.

__________________________________________

%ASA-6-106015: Deny TCP (no connection) from 201.155.93.3/62596 to 187.133.33.210/61115 flags RST ACK on interface outside

%ASA-6-106015: Deny TCP (no connection) from 201.155.93.3/1720 to 187.133.33.210/61114 flags RST ACK on interface outside

%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/61111 to 10.10.237.150/1720 flags RST on interface inside

%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/1720 to 10.10.237.150/1027 flags SYN ACK on interface inside

%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/61112 to 10.10.237.150/1720 flags RST on interface inside

%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/1720 to 10.10.237.150/1027 flags SYN ACK on interface inside

%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/1720 to 10.10.237.150/1027 flags SYN ACK on interface inside

%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/1720 to 10.10.237.150/1027 flags SYN ACK on interface inside

%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/1720 to 10.10.237.150/1027 flags SYN ACK on interface inside

%ASA-6-302015: Built outbound UDP connection 660 for inside:10.10.237.150/33434 (10.10.237.150/33434) to NP Identity Ifc:10.10.244.252/49158 (10.10.244.252/49158)

________________________________________

Do you know how I can fix it?

Thanks.
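
As an added example (not part of the thread), this Python code parses the %ASA-6-106015 lines from the question and counts SYN ACKs that the ASA dropped on the inside interface for lack of a connection entry, which is what the log shows when the SYN of a flow did not pass through the firewall. The function names and the /22 form of the posted netmask are assumptions of the example.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# ASA inside subnet from the post: 10.10.244.252 255.255.252.0
INSIDE_NET = ip_network("10.10.244.0/22")

PAT = re.compile(
    r"%ASA-6-106015: Deny TCP \(no connection\) from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"flags (?P<flags>[A-Z ]+?) on interface (?P<ifc>\S+)")

# Five of the log lines from the post, copied unchanged
SAMPLE = """\
%ASA-6-106015: Deny TCP (no connection) from 201.155.93.3/62596 to 187.133.33.210/61115 flags RST ACK on interface outside
%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/61111 to 10.10.237.150/1720 flags RST on interface inside
%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/1720 to 10.10.237.150/1027 flags SYN ACK on interface inside
%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/1720 to 10.10.237.150/1027 flags SYN ACK on interface inside
%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/1720 to 10.10.237.150/1027 flags SYN ACK on interface inside
"""

def parse(text):
    """Return one dict per 106015 line; any other message is skipped."""
    events = []
    for m in PAT.finditer(text):
        e = m.groupdict()
        e["flags"] = frozenset(e["flags"].split())
        events.append(e)
    return events

def half_seen_flows(events):
    """Count SYN ACKs from inside hosts that were dropped on the inside interface.

    A SYN ACK with no connection entry means the ASA never tracked the SYN
    of that flow, so the two directions are not both crossing the firewall.
    """
    hits = Counter()
    for e in events:
        if (e["flags"] == {"SYN", "ACK"} and e["ifc"] == "inside"
                and ip_address(e["src"]) in INSIDE_NET):
            hits[(e["src"], e["sport"], e["dst"], e["dport"])] += 1
    return hits

if __name__ == "__main__":
    for flow, n in half_seen_flows(parse(SAMPLE)).items():
        print("%s:%s -> %s:%s  SYN ACK dropped %d times" % (*flow, n))
```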

4 Replies

hunnetvl01
Level 1

Hi,

Can you paste the config along with the ACLs you have?

Thanks,

Vlad

This is my configuration.

1st

Have you tried both the ACLs:

access-list inside-access-list extended permit ip any any

access-list outside-access-list permit ip any any

access-list outside-access-list permit tcp any any

access-list outside-access-list permit udp any any

Second, did you try a capture on the inside of the ASA?

capture polycom int inside

Can you post the capture output?

Try the NAT 0 for the return traffic as well:

access-list nonat extended permit ip 10.0.0.0 255.0.0.0 10.10.244.0 255.255.255.0

3rd:

Is everything else working?

Regards,

Vlad

How did you solve this? We are having the same issue with a pair of ASA5516s.

Thanks,

Alex
