asa5505v8 tcp syn denied on inside

Jul 10th, 2009

"Inbound TCP connection denied from 1.4.19.244/1635 to 1.4.20.212/4001 flags SYN on interface inside"

The vlan on the inside interface (vlan19) also needs access to systems on vlan20 so we have a static route on the asa that points to a router that also sits on vlan19. I can ping the two vlans from the asa's inside interface but I'm not sure why the above error occurs or how to stop it.

Jon Marshall Thu, 07/16/2009 - 10:44
Keith


So is the default-gateway for clients on vlan 19 the ASA inside interface?


If so have you added this to your config -


asa(config)# same-security-traffic permit intra-interface


If you don't have that in your config, traffic will not be allowed back out the same interface it arrived on to get to its destination.


Jon
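
A triage sketch for the situation in this thread, added here as an example and not part of the original posts: it parses the denial message from the question and flags flows whose egress interface (by longest-prefix match) is the same interface they arrived on, the case the reply ties to same-security-traffic permit intra-interface. The /24 masks, the ROUTES table, the "outside" interface and the second log line are assumptions constructed for illustration.

```python
import ipaddress
import re

# Pattern for the ASA denial message quoted in the question.
DENY_RE = re.compile(
    r"Inbound TCP connection denied from (?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+)/(?P<dport>\d+) flags (?P<flags>[A-Z ]+?) "
    r"on interface (?P<ifc>[\w-]+)"
)

# Assumed egress table (interface -> networks the ASA reaches through it).
# The /24 masks are assumptions; the thread does not give them.
ROUTES = {
    "inside": ["1.4.19.0/24", "1.4.20.0/24"],  # vlan19 connected, vlan20 via static route
    "outside": ["0.0.0.0/0"],
}

SAMPLE = [
    # Line quoted in the question.
    "Inbound TCP connection denied from 1.4.19.244/1635 to 1.4.20.212/4001 "
    "flags SYN on interface inside",
    # Constructed line: ordinary inbound denial, not a hairpin.
    "Inbound TCP connection denied from 203.0.113.9/40000 to 1.4.19.10/22 "
    "flags SYN on interface outside",
]


def egress_interface(dst, routes):
    """Longest-prefix match of dst; returns the interface name or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for ifc, nets in routes.items():
        for net in map(ipaddress.ip_network, nets):
            if addr in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, ifc)
    return best[1] if best else None


def find_hairpins(lines, routes):
    """Return (src, dst, dport, interface) for denials that enter and leave one interface."""
    hits = []
    for line in lines:
        m = DENY_RE.search(line)
        if m and egress_interface(m["dst"], routes) == m["ifc"]:
            hits.append((m["src"], m["dst"], int(m["dport"]), m["ifc"]))
    return hits


if __name__ == "__main__":
    for src, dst, dport, ifc in find_hairpins(SAMPLE, ROUTES):
        print(f"hairpin on {ifc}: {src} -> {dst}:{dport}")
```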
