TCP 402 blocked by ASA firewall

Unanswered Question
Mar 26th, 2008

Hi,

We use Altiris between two VPN sites protected by a Cisco PIX (8.0) and an ASA (8.0).

Altiris communicates some multicast traffic on tcp port 402, but this traffic gets blocked by the firewalls with this message:

%pix-6-106015: deny tcp (no connection) from x.x.x.x/4597 to x.x.x.x/402 flags psh ack on interface inside

I've looked through the IP audit signatures and the service policy rules, but the port 402 does not appear anywhere.

Does anyone have a clue?

Thanks in advance,

Rasmus
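Added example, not from the original thread: a small Python parser that separates the two deny messages an ASA/PIX 8.x can log for a port-402 packet. A 106023 is an ACL deny and names the access-group that dropped the packet; a 106015 "no connection" means the packet matched no entry in the firewall's connection table, and when its flags carry no SYN the firewall is seeing the middle of a session it never saw start (a timed-out connection entry, or a return path that bypasses this firewall), which adding an ACL permit cannot fix. The sample log lines are constructed, and the record field names and classification labels are this example's own.

```python
import re
from collections import Counter

# Constructed sample lines in ASA/PIX 8.x syslog format (not from the original post).
# They mix the two deny IDs with an ordinary connection-built message.
SAMPLE_LOG = """\
%ASA-6-106015: Deny TCP (no connection) from 192.0.2.10/4597 to 198.51.100.5/402 flags PSH ACK  on interface inside
%ASA-6-106015: Deny TCP (no connection) from 192.0.2.10/4597 to 198.51.100.5/402 flags FIN ACK  on interface inside
%ASA-4-106023: Deny tcp src inside:192.0.2.11/4601 dst outside:198.51.100.5/402 by access-group "inside_access_in" [0x0, 0x0]
%ASA-6-302013: Built outbound TCP connection 4711 for outside:198.51.100.5/402 (198.51.100.5/402) to inside:192.0.2.12/4602 (203.0.113.7/4602)
%ASA-6-106015: Deny TCP (no connection) from 198.51.100.5/402 to 192.0.2.10/4597 flags RST  on interface outside
"""

# 106015: the stateful check failed, the packet matched no entry in the connection table.
STATE_MISS = re.compile(
    r"106015: Deny TCP \(no connection\) from (\S+)/(\d+) to (\S+)/(\d+) "
    r"flags (.*?)\s+on interface (\S+)",
    re.IGNORECASE,
)
# 106023: the packet was evaluated against an access-list and denied by it.
ACL_DENY = re.compile(
    r'106023: Deny (\w+) src (\w+):(\S+)/(\d+) dst (\w+):(\S+)/(\d+) '
    r'by access-group "([^"]+)"',
    re.IGNORECASE,
)


def parse_line(line):
    """Classify one syslog line as a state-table miss, an ACL deny, or something else."""
    m = STATE_MISS.search(line)
    if m:
        flags = [f.upper() for f in m.group(5).split()]
        return {
            "kind": "state_miss",
            "src": m.group(1), "sport": int(m.group(2)),
            "dst": m.group(3), "dport": int(m.group(4)),
            "flags": flags,
            "iface": m.group(6),
            # No SYN means the firewall is seeing the middle of a session it never
            # saw start: a connection entry that timed out, or a return path that
            # bypassed this firewall (asymmetric routing).
            "mid_stream": "SYN" not in flags,
        }
    m = ACL_DENY.search(line)
    if m:
        return {
            "kind": "acl_deny",
            "proto": m.group(1).lower(),
            "src": m.group(3), "sport": int(m.group(4)),
            "dst": m.group(6), "dport": int(m.group(7)),
            "acl": m.group(8),
        }
    return {"kind": "other"}


def explain(rec):
    """One-line triage hint for a parsed deny record."""
    if rec["kind"] == "acl_deny":
        return f"port {rec['dport']}: denied by access-list {rec['acl']}; fix the ACL"
    if rec["kind"] == "state_miss" and rec["mid_stream"]:
        return (f"port {rec['dport']}: no connection entry and no SYN "
                f"({' '.join(rec['flags'])}); an ACL permit will not help, "
                "check connection timeouts and asymmetric routing")
    if rec["kind"] == "state_miss":
        return f"port {rec['dport']}: no connection entry, SYN present"
    return "not a deny message"


def summarize(log_text):
    """Count deny records by (kind, destination port) so the dominant cause stands out."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec["kind"] != "other":
            counts[(rec["kind"], rec["dport"])] += 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        print(explain(parse_line(line)))
    print(dict(summarize(SAMPLE_LOG)))
```

Run against a real syslog export, a summary dominated by ("state_miss", 402) with PSH/ACK or FIN/ACK flags says the access-lists are not the problem; a summary dominated by ("acl_deny", 402) says they are.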

blueoceanventure Wed, 03/26/2008 - 06:14

I should mention that the whole IP stack has been allowed both ways through this connection. Somehow this port (recognized as "genie" but used by Altiris multicast) is blocked on the way.

a.ajiboye Wed, 03/26/2008 - 07:56

Hi,

You could write an access-list to specifically allow communication on port 402. The example below allows hosts to communicate via port 402:

access-list outside_access_in permit tcp any host 217.x.x.115 eq 402

ip address outside 217.x.x.115 255.255.255.248

static (inside,outside) 217.x.x.115 192.168.1.2 netmask 255.255.255.255 0 0

access-group outside_access_in in interface outside

If you could post your config too, I can take a look to see if anything else is missing.

Please rate this post if it helps.

blueoceanventure Wed, 03/26/2008 - 08:40

But when the access list already in place permits ip any any (roughly), would that make a difference at all?

I'll get back to you with an edited edition of the config.

Thanks for your reply.

cjake7777 Wed, 03/26/2008 - 09:52

Have you looked at your inspect statements? I would take out the global_policy for a test.

Jake

blueoceanventure Mon, 03/31/2008 - 02:14

I tried specifically adding rules to allow port 402 (though the whole IP stack has been permitted), and there was no difference.

I have now enabled multicast routing, so let's see if that changes anything. I will get back to you :)

Thanks for all your answers,

Rasmus

blueoceanventure Tue, 04/01/2008 - 01:33

Tried enabling multicast routing but it makes no difference :(

Any last suggestion? I'm going out of my mind - there's nothing about tcp port 402 in the security policies (deep inspection) and still this port gets blocked.

Thanks in advance,

Rasmus

wilsonyong Thu, 04/10/2008 - 22:23

Please try using a sniffer to capture data, then bypass the ASA and capture data again with the sniffer, and analyse how the two differ.
