I get the following error:
%ASA-6-106015: Deny TCP (no connection) from coa-dun-web1-front/80 to sol-dun-hobbit1/50692 flags SYN ACK on interface internal-vlan-20
when I try to connect from sol-dun-hobbit1 to coa-dun-web1-front. Now, there is a slight problem in the topology here. This ASA has two sub-interfaces, one of which connects to the "front-end IPs" of the web boxes it is protecting and another to the back-end IPs. Both Front and Back networks are separate VLANs and terminate (the gateway is the ASA) only on the ASA. The problem is, when I connect from sol-dun-hobbit (from an outside interface, here the interface is called management) the packet is transmitted out the ASA on vlan 10 (on sub-interface = internal-10) and then the reply comes back on a different sub-interface = internal-20. I cannot do anything about the packet coming in. I'm trying to get the ASA to recognise that the reply is part of an earlier connection attempt, which the ASA doesn't seem to be doing.
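
The symptom described in the post, as an added example that is not part of the original post: a triage script that picks out 106015 denies carrying only SYN ACK and groups them by responding server and arrival interface. Reading an orphan SYN ACK as a reply that arrived on a different interface than the SYN left on is a heuristic, and every log line except the first is constructed.

```python
import re
from collections import Counter

# Layout of ASA syslog 106015 as it appears in the line quoted in the post.
DENY_106015 = re.compile(
    r"%ASA-6-106015: Deny TCP \(no connection\) from (?P<src>\S+)/(?P<sport>\d+) "
    r"to (?P<dst>\S+)/(?P<dport>\d+) flags (?P<flags>.+?) on interface (?P<ifc>\S+)"
)

def parse_106015(line):
    """Return the fields of a 106015 message, or None for any other line."""
    m = DENY_106015.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["flags"] = frozenset(rec["flags"].split())
    return rec

def orphan_synacks(lines):
    """Count denied SYN ACKs per (server, server port, arrival interface).

    Heuristic (assumption of this example): a SYN ACK with no matching
    connection means the firewall did not expect the handshake reply on that
    interface, which fits a return path that differs from the forward path.
    Denies with other flags (RST, FIN ACK) are usually late packets for a
    connection that was already torn down, so they are not counted.
    """
    hits = Counter()
    for line in lines:
        rec = parse_106015(line)
        if rec and rec["flags"] == {"SYN", "ACK"}:
            hits[(rec["src"], int(rec["sport"]), rec["ifc"])] += 1
    return dict(hits)

# The first line is the one from the post; the rest are constructed samples.
SAMPLE = [
    "%ASA-6-106015: Deny TCP (no connection) from coa-dun-web1-front/80 to sol-dun-hobbit1/50692 flags SYN ACK on interface internal-vlan-20",
    "%ASA-6-106015: Deny TCP (no connection) from coa-dun-web1-front/80 to sol-dun-hobbit1/50693 flags SYN ACK on interface internal-vlan-20",
    "%ASA-6-106015: Deny TCP (no connection) from coa-dun-web1-front/80 to sol-dun-hobbit1/50111 flags RST on interface internal-vlan-20",
    "%ASA-6-106015: Deny TCP (no connection) from coa-dun-web1-front/80 to sol-dun-hobbit1/50112 flags FIN ACK on interface internal-vlan-20",
    "unrelated constructed line that is not a 106015 message",
]

if __name__ == "__main__":
    for (server, port, ifc), n in orphan_synacks(SAMPLE).items():
        print(f"{n} orphan SYN ACK(s) from {server}/{port} arriving on {ifc}")
```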