TCP 402 blocked by ASA firewall

Unanswered Question
Mar 26th, 2008
We use Altiris between two VPN sites protected by a Cisco PIX (8.0) and an ASA (8.0).

Altiris communicates some multicast traffic on tcp port 402, but this traffic gets blocked by the firewalls with this message:

%pix-6-106015: deny tcp (no connection) from x.x.x.x/4597 to x.x.x.x/402 flags psh ack on interface inside

I've looked through the IP audit signatures and the service policy rules, but the port 402 does not appear anywhere.

Does anyone have a clue?

Thanks in advance,

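The message quoted above, 106015 "Deny TCP (no connection)", is not an access-list denial: the ASA logs it when a TCP segment arrives that does not belong to any entry in its connection table, which is why adding permit rules for port 402 does not change anything. The usual causes are an asymmetric path (one direction of the flow never crossed the ASA, so the SYN was never seen) or a long-idle connection that timed out of the state table before the next PSH/ACK arrived. The following parser is an added example for triaging such logs and is not code from the original thread or from Cisco; the log lines it contains are constructed samples using RFC 5737 documentation addresses, and the flag-based classification is a heuristic, not an official ASA categorisation.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not taken from the thread). Addresses are
# RFC 5737 documentation ranges; the 302013 line is there to show that
# non-106015 messages are ignored.
SAMPLE_LOG = """\
%ASA-6-106015: Deny TCP (no connection) from 192.0.2.10/4597 to 198.51.100.20/402 flags PSH ACK  on interface inside
%ASA-6-106015: Deny TCP (no connection) from 192.0.2.10/4598 to 198.51.100.20/402 flags PSH ACK  on interface inside
%ASA-6-106015: Deny TCP (no connection) from 198.51.100.20/402 to 192.0.2.11/4601 flags SYN ACK  on interface outside
%ASA-6-302013: Built inbound TCP connection 12345 for outside:198.51.100.20/443 (198.51.100.20/443) to inside:192.0.2.10/51000 (192.0.2.10/51000)
%ASA-6-106015: Deny TCP (no connection) from 192.0.2.12/4602 to 198.51.100.20/402 flags RST  on interface inside
"""

# Matches the ASA/PIX/FWSM 106015 format; IGNORECASE also accepts the
# lower-cased form shown in the original post.
PATTERN = re.compile(
    r"%(?:ASA|PIX|FWSM)-\d-106015: Deny TCP \(no connection\) "
    r"from (?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"flags (?P<flags>[A-Z ]+?)\s+on interface (?P<iface>\S+)",
    re.IGNORECASE,
)


def parse_106015(line):
    """Return a dict for a 106015 message, or None for any other line."""
    m = PATTERN.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    rec["flags"] = frozenset(rec["flags"].upper().split())
    return rec


def classify(flags):
    """Heuristic reading of the TCP flags on a state-less drop (assumption, not ASA doctrine)."""
    if "RST" in flags:
        # Peer tearing down a flow the ASA already forgot: usually harmless.
        return "reset-without-state"
    if "SYN" in flags and "ACK" in flags:
        # Reply to a SYN the ASA never saw: asymmetric path or pre-existing flow.
        return "synack-without-syn"
    # PSH/ACK or bare ACK mid-stream: flow was built elsewhere or idled out
    # of the connection table. This is the case in the thread.
    return "midstream-without-state"


def summarize(text):
    """Count 106015 drops grouped by (interface, destination port, classification)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_106015(line)
        if rec:
            counts[(rec["iface"].lower(), rec["dport"], classify(rec["flags"]))] += 1
    return counts


if __name__ == "__main__":
    for (iface, dport, kind), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {iface:<8} dport={dport:<5} {kind}")
```

A port that shows up mostly as "midstream-without-state" on the inside interface, as port 402 does here, points at the state table rather than the policy: check whether both directions of the Altiris flow really traverse the same ASA, and whether the flow sits idle longer than the configured TCP connection timeout between packets.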
blueoceanventure Wed, 03/26/2008 - 06:14
I should mention that the whole IP stack has been allowed both ways through this connection. Somehow this port (recognized as "genie" but used by Altiris multicast) is blocked on the way.

a.ajiboye Wed, 03/26/2008 - 07:56
You could write an access-list to specifically allow communication on port 402. The example below allows hosts to communicate via port 402:

access-list outside_access_in permit tcp any host 217.x.x.115 eq 402

ip address outside 217.x.x.115

static (inside,outside) 217.x.x.115 netmask 0 0

access-group outside_access_in in interface outside

If you could post your config too, I can take a look to see if anything else is missing.

Please rate this post if it helps.

blueoceanventure Wed, 03/26/2008 - 08:40
But when the access list already in place permits ip any any (roughly), would that make a difference at all?

I'll get back to you with an edited edition of the config.

Thanks for your reply.

cjake7777 Wed, 03/26/2008 - 09:52
Have you looked at your inspect statements? I would take out the global_policy for a test.


blueoceanventure Mon, 03/31/2008 - 02:14
I tried specifically adding rules to allow port 402 (though the whole IP stack has been permitted), and there was no difference.

I have now enabled multicast routing, so let's see if that changes anything. I will get back to you :)

Thanks for all your answers,


blueoceanventure Tue, 04/01/2008 - 01:33
Tried enabling multicast routing but it makes no difference :(

Any last suggestion? I'm going out of my mind - there's nothing about tcp port 402 in the security policies (deep inspection) and still this port gets blocked.

Thanks in advance,


wilsonyong Thu, 04/10/2008 - 22:23
Please try to use a sniffer to capture data, then skip the ASA and use a sniffer to capture data again, and analyse how both differ.