My company recently purchased 35 ASA 5500 series devices to replace SonicWall firewalls. To make the Cisco deployment a painless one, I have decided to install a 5520 in parallel with the SonicWall at the corporate office. The Cisco will be given the address of everyone's default gateway. For those offices that currently have tunnels from their SonicWall to the SonicWall at corporate, there will be a static route in the ASA that will redirect the requests for those networks through the SonicWall. As the ASA devices come online and establish a tunnel with the ASA at corporate, we will remove the static route that redirects those requests to the SonicWall one by one.
This scenario works great when I am pinging a remote computer, but when I try to browse to a remote computer I get the following error:
%PIX|ASA-6-106015: Deny TCP (no connection) from IP_address/port to IP_address/port flags tcp_flags on interface interface_name.
The security appliance discarded a TCP packet that has no associated connection in the security appliance connection table. The security appliance looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is not an existing connection, the security appliance discards the packet.
Am I going about this the wrong way, or is there a fix?
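The connection-table check spelled out in the message description above, modelled as an added example (not part of the original post and not Cisco's code). The addresses, ports, interface name and the rule that only a bare SYN opens a connection are assumptions of this sketch.

```python
# Toy model of a stateful TCP check: a packet is passed only if it belongs to
# a connection already in the table, or if it is a SYN that opens a new one.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # TCP flags, e.g. frozenset({"PSH", "ACK"})
    iface: str         # interface the packet arrived on (constructed name)

class ConnTable:
    def __init__(self):
        self.conns = set()

    @staticmethod
    def _key(p):
        # Direction-independent key so replies match the original flow.
        return frozenset({(p.src, p.sport), (p.dst, p.dport)})

    def process(self, p):
        key = self._key(p)
        if key in self.conns:
            return "permit"
        # Assumption of this model: only a bare SYN creates a connection.
        if "SYN" in p.flags and "ACK" not in p.flags:
            self.conns.add(key)
            return "built"
        flags = " ".join(sorted(p.flags))
        return (f"%ASA-6-106015: Deny TCP (no connection) from {p.src}/{p.sport} "
                f"to {p.dst}/{p.dport} flags {flags} on interface {p.iface}")

def replay(packets):
    table = ConnTable()
    return [table.process(p) for p in packets]

def pkt(src, sport, dst, dport, flags, iface="inside"):
    return Packet(src, sport, dst, dport, frozenset(flags.split()), iface)

# Constructed traffic. First flow: the appliance sees the handshake from the SYN on.
FULL_FLOW = [pkt("192.0.2.10", 40000, "198.51.100.20", 80, "SYN"),
             pkt("198.51.100.20", 80, "192.0.2.10", 40000, "SYN ACK"),
             pkt("192.0.2.10", 40000, "198.51.100.20", 80, "ACK")]
# Second flow: the appliance never saw the SYN, only later segments.
MID_FLOW = [pkt("192.0.2.10", 40001, "198.51.100.20", 80, "ACK"),
            pkt("192.0.2.10", 40001, "198.51.100.20", 80, "PSH ACK")]
```

Calling `replay(MID_FLOW)` returns one 106015 line per packet, because no SYN for that flow ever created a table entry.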