Showing results for 
Search instead for 
Did you mean: 

SMB over VPN does not work after update to ASA 8.0.4

This weekend I upgraded our Cisco ASA 5510 to the most recent ASA software 8.0.4 but sinse then I can't reach our servers with smb anymore "\\servername\share\" also http does not work anymore. there simply does not happen anything anymore..

for http I get the following error:

6 Sep 29 2008 10:10:19 106015 3966 80 Deny TCP (no connection) from to flags FIN ACK on interface outside

and for smb

6 Sep 29 2008 09:42:12 106015 445 3902 Deny TCP (no connection) from to flags ACK on interface inside

Before the upgrade everything worked without any trouble!

I there Anything that's changed in the new ASA and what could be the solution?




This message is logged when the Firewall discards a TCP packet that has no associated connection in the Firewall unit's connection table. The Firewall looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is not an existing connection, the PIX Firewall discards the packet.


Allright.. and any idea why this worked on the 8.0.2 and not on the 8.0.4 anymore?

And what could be the solution?


No idea to be honest - have you compared the configs from before the upgrade to now? Is anything missing?

Is SMB over VPN the only issue you are seeing? What type of VPN is it, L2L, Client, WebSSL?

Have you checked the bug track for the 8.0.4 image? Was there a specific reason why you upgraded?


I updated to 8.0.4 because Cisco told me so after having some trouble with crashes and reboots of my ASA.

I'm using the Cisco VPN client.

And I compared the configs but there only ara some changes after updating to 8.0.4

the things that changed are:

1: (added)

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

2: (added after each crypto map)

crypto map outside_map xx set security-association lifetime seconds 28800

crypto map outside_map xx set security-association lifetime kilobytes 4608000

3: (added)

threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200


LOL - sorry but that is funny, to upgrade to finx crashes and reboots.....if anything you should have downgraded!

The changes you have made would not stop SMB traffic over the VPN. What could be the issue is the DNS.

Are you allowing the client to resolve to your internal network the names of the servers? Have you tried browsing the shares using the IP address of the server instead of the name?


DNS is not the problem, RDP does work but also http does not work.

Explorer does not get the actual traffic. Cisco allready called to solve the problem but they can't fix it right away. they had to analyze captured data from whireshark and Asa to look for a solution. Until then I downgraded to 8.0.2 again and now it workes again..


Basically, you're trading one "ED" code for

another one.

That's what happened when you run "ED" code.



i have same problem with 8.0.4, 8.0.2 is ok with same cfg. Do you have any solutions please ?




It's a Bug in the 8.0.4, after calling Cisco tech support they tried to replicate the error and foud out they also have the same problem with 8.0.4 but not with a newer (internal version) now I got the version from the support team to solve the problem. And that worked. If you also would like this version, you must contact tech support.

I hope this could help you.


thank you very much, i tried 8.0.4(3), its bad too :-(. i will try tech sup


I had a similar problem after upgradeing to 8.0.4 and found that IP Compression was turned on in the group policy for my VPNs. It was off before the upgrade and was enabled after. Once I turned it off, all the problems went away and it works fine.

Check your Group Policies and look for the following:

ip-comp enable

If you find it enter the following:

no ip-comp


ip-comp disable


amazing :-), i disabled it and all is ok.

thank you


Content for Community-Ad