My internal networks are 10.113.0.0/16 subnetted down into variable length networks.
The inside interface is sat on 10.113.66.7/24 with a gateway to the rest of the internal network via a Cisco 3750 on 10.113.66.1.
I have NAT exempted the internal traffic, and allowed traffic across all internal ports on the ASA, but we still keep getting the following message:
6 Dec 02 2008 15:41:26 106015 10.113.66.10 10.113.79.46 Deny TCP (no connection) from 10.113.66.10/5038 to 10.113.79.46/139 flags RST on interface inside
Very very frustrating.
It is as though the ASA is limited to talking to 1 subnet only because the packet did not originate from the ASA itself and it is considering this a breach of the normal TCP SYN/ACK rules.
sh run attached
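
A triage helper for the log line quoted in the post, added here as an example and not part of the original post: it parses a 106015 message and reports whether the denied packet both entered and would leave on the inside interface, using the subnets the post gives. The function names and classification labels are assumptions made for illustration.

```python
import ipaddress
import re

# Addressing taken from the post: ASA inside interface subnet and internal supernet.
INSIDE_SUBNET = ipaddress.ip_network("10.113.66.0/24")
INTERNAL_SUPERNET = ipaddress.ip_network("10.113.0.0/16")

# Message text of syslog 106015 in the form shown in the post.
DENY_RE = re.compile(
    r"106015 .*?Deny TCP \(no connection\) "
    r"from (?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"flags (?P<flags>[A-Z ]+?) on interface (?P<ifname>\S+)"
)

# The line quoted in the post, used as sample input.
SAMPLE = ("6 Dec 02 2008 15:41:26 106015 10.113.66.10 10.113.79.46 "
          "Deny TCP (no connection) from 10.113.66.10/5038 to "
          "10.113.79.46/139 flags RST on interface inside")


def parse_106015(line):
    """Return the fields of a 106015 message, or None if the line is not one."""
    m = DENY_RE.search(line)
    if m is None:
        return None
    return {
        "src": ipaddress.ip_address(m["src"]),
        "sport": int(m["sport"]),
        "dst": ipaddress.ip_address(m["dst"]),
        "dport": int(m["dport"]),
        "flags": m["flags"].split(),
        "ifname": m["ifname"],
    }


def classify(rec):
    """Label the flow by where its endpoints sit relative to the inside interface."""
    src_local = rec["src"] in INSIDE_SUBNET
    dst_local = rec["dst"] in INSIDE_SUBNET
    dst_internal = rec["dst"] in INTERNAL_SUPERNET
    if src_local and dst_local:
        return "same-subnet"  # hosts on one segment; the ASA should not be in the path
    if rec["ifname"] == "inside" and src_local and dst_internal:
        # Destination is behind the 10.113.66.1 gateway, so the packet arrives
        # on inside and its route back out is also inside.
        return "hairpin-inside"
    return "other"


if __name__ == "__main__":
    record = parse_106015(SAMPLE)
    print(record, classify(record))
```

For the quoted line the result is `hairpin-inside` with flags `RST`: the ASA is being handed a mid-connection packet for a flow between two internal subnets.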