Bit of a strange one which I could do with some advice on.
We have a site-to-site VPN tunnel that consists of a Cisco 877 at a remote site and a Cisco ASA5510 at the Head Office.
Remote Site 192.168.100.0/24 > Head Office 192.168.0.0/24
telnet 192.168.0.36 25 works
telnet 192.168.0.34 443 works
telnet 192.168.0.202 21050 fails
ping 192.168.0.202 works
The VPN tunnel is working in No NAT mode and allows IP any from each subnet. AD replication works fine across the VPN tunnel and so does telnet from the remote subnet to an exchange/web server at the Head Office.
The device on 192.168.0.202 is listening on the required port, as we can telnet to it locally. The device does have a different gateway, but a route statement is in place to use 192.168.0.2 as its default gateway for 192.168.100.0/24 traffic.
What doesn't work is a connection to the phone system; we get the following in the logs:
6 Jun 09 2011 22:20:20 302013 192.168.100.1 60759 192.168.0.202 21050 Built inbound TCP connection 5799085 for outside:192.168.100.1/60759 (192.168.100.1/60759) to inside:192.168.0.202/21050 (192.168.0.202/21050)
6 Jun 09 2011 22:20:44 302014 192.168.100.1 60759 192.168.0.202 21050 Teardown TCP connection 5799085 for outside:192.168.100.1/60759 to inside:192.168.0.202/21050 duration 0:00:24 bytes 0 TCP Reset-O
It seems that the Outside Interface is resetting the transaction.
I have put in place the following and I can’t seem to make it work:
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
sysopt connection timewait
Any ideas would be appreciated.
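As an added example that is not part of the original post, the script below correlates the two ASA syslog messages quoted above (302013 "Built" and 302014 "Teardown") by connection ID and flags teardowns that carried zero payload bytes and ended with a TCP reset. On the ASA, "TCP Reset-O" means the RST was received on the outside (lower-security) interface and "TCP Reset-I" on the inside interface, and the "bytes" field counts payload that actually crossed the firewall, so a "bytes 0 ... TCP Reset-O" pair is a connection the outside host gave up on without any data ever passing through the ASA. The log lines embedded in the script are constructed: the two from the post plus a healthy SMTP connection for contrast. Everything else (function names, the `SAMPLE_LOG` variable) is this example's own and not from the poster or Cisco.

```python
import re

# Constructed sample: the two ASA lines from the post plus one healthy
# connection (to 192.168.0.36:25) so the filter has something to ignore.
SAMPLE_LOG = """\
6 Jun 09 2011 22:20:20 302013 192.168.100.1 60759 192.168.0.202 21050 Built inbound TCP connection 5799085 for outside:192.168.100.1/60759 (192.168.100.1/60759) to inside:192.168.0.202/21050 (192.168.0.202/21050)
6 Jun 09 2011 22:20:21 302013 192.168.100.1 60760 192.168.0.36 25 Built inbound TCP connection 5799086 for outside:192.168.100.1/60760 (192.168.100.1/60760) to inside:192.168.0.36/25 (192.168.0.36/25)
6 Jun 09 2011 22:20:30 302014 192.168.100.1 60760 192.168.0.36 25 Teardown TCP connection 5799086 for outside:192.168.100.1/60760 to inside:192.168.0.36/25 duration 0:00:09 bytes 1842 TCP FINs
6 Jun 09 2011 22:20:44 302014 192.168.100.1 60759 192.168.0.202 21050 Teardown TCP connection 5799085 for outside:192.168.100.1/60759 to inside:192.168.0.202/21050 duration 0:00:24 bytes 0 TCP Reset-O
"""

# ASA 302013: Built {inbound|outbound} TCP connection <id> for <if>:<ip>/<port> (<mapped>) to <if>:<ip>/<port> (<mapped>)
BUILT_RE = re.compile(
    r"302013 .*?Built (?P<dir>inbound|outbound) TCP connection (?P<id>\d+) "
    r"for (?P<src_if>\w+):(?P<src>[\d.]+)/(?P<sport>\d+) \([^)]*\) "
    r"to (?P<dst_if>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)
# ASA 302014: Teardown TCP connection <id> for <if>:<ip>/<port> to <if>:<ip>/<port> duration h:mm:ss bytes <n> <reason>
TEARDOWN_RE = re.compile(
    r"302014 .*?Teardown TCP connection (?P<id>\d+) "
    r"for (?P<src_if>\w+):(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst_if>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"duration (?P<dur>\d+:\d+:\d+) bytes (?P<bytes>\d+)(?: (?P<reason>.+))?$"
)

# Which side of the ASA the RST arrived on (documented 302014 teardown reasons).
RESET_SIDE = {
    "TCP Reset-I": "reset received on the inside (higher-security) interface",
    "TCP Reset-O": "reset received on the outside (lower-security) interface",
}


def duration_seconds(hms):
    """Convert the ASA's h:mm:ss duration field to seconds."""
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s


def correlate(log_text):
    """Pair Built/Teardown lines by ASA connection id; returns {id: record}."""
    conns = {}
    for line in log_text.splitlines():
        m = BUILT_RE.search(line)
        if m:
            conns[m["id"]] = {
                "id": m["id"], "direction": m["dir"], "built": True,
                "src_if": m["src_if"], "src": m["src"], "sport": int(m["sport"]),
                "dst_if": m["dst_if"], "dst": m["dst"], "dport": int(m["dport"]),
                "bytes": None, "reason": None, "duration": None,
            }
            continue
        m = TEARDOWN_RE.search(line)
        if m:
            # A teardown without a matching Built (log rotation, buffer wrap)
            # still gets a record so the reset is not silently dropped.
            rec = conns.setdefault(m["id"], {
                "id": m["id"], "direction": None, "built": False,
                "src_if": m["src_if"], "src": m["src"], "sport": int(m["sport"]),
                "dst_if": m["dst_if"], "dst": m["dst"], "dport": int(m["dport"]),
            })
            rec["bytes"] = int(m["bytes"])
            rec["reason"] = m["reason"]
            rec["duration"] = duration_seconds(m["dur"])
    return conns


def find_silent_resets(log_text):
    """Connections torn down by a TCP reset with zero payload bytes: no data
    ever crossed the ASA, which is what a handshake that never completed
    through the firewall looks like in these two messages."""
    return [
        r for r in correlate(log_text).values()
        if r.get("bytes") == 0 and (r.get("reason") or "").startswith("TCP Reset")
    ]


def describe(rec):
    """One-line explanation of a flagged record for a troubleshooting report."""
    side = RESET_SIDE.get(rec["reason"], rec["reason"])
    return (f"conn {rec['id']}: {rec['src']}:{rec['sport']} -> {rec['dst']}:{rec['dport']} "
            f"lasted {rec['duration']}s with 0 bytes; {side}")


if __name__ == "__main__":
    for rec in find_silent_resets(SAMPLE_LOG):
        print(describe(rec))
```

Run it against a `show logging` capture or a syslog export filtered to message IDs 302013/302014; the healthy SMTP connection (bytes 1842, "TCP FINs") is ignored and only the 21050 connection is reported.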