I have an ASA5505 with a security plus license that has been 'in-production' for some time but I am experiencing a 'lock-out' of a particular IP address in a DMZ with minimal usage.
This IP address is configured with ACL and NAT to allow:
remote desktop traffic
IIS 7 traffic
I have also limited the number of embryonic connections to 1500 due to DoS attacks. The issue I experience is that the 'channel' locks up when using remote desktop or IIS 7 services resulting in all traffic being denied to that IP address (channel). All other IP addresses with similar configuration remain working.
Can anyone suggest what the problem may be and how to go about resolving it?
Your issue sounds like it may be caused by an incorrect translation getting built during RDP or IIS conversations.
First, take a look at your 'static', 'nat', and 'global' commands in your configuration to ensure nothing is incorrectly configured for your environment and none of your translations are conflicting.
Also, take a look at the output of the 'show xlate debug' command on the firewall next time the problem occurs. My guess is that you would see an incorrect translation being built that is causing normal traffic to break. In that case, you'll need to find out what part of your configuration is causing that translation to get built.
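One way to do the configuration review suggested in the answer above, as an added example that is not part of the original thread: a small script that reads pre-8.3 style 'static' and 'global' lines and lists translations worth reviewing because they share a mapped address. The sample configuration, interface names and addresses are constructed, and the two checks are assumptions about what "conflicting" covers here.

```python
import ipaddress
import re

# Constructed sample of pre-8.3 ASA translation commands (documentation addresses).
SAMPLE_CONFIG = """\
static (dmz,outside) 203.0.113.10 192.168.10.10 netmask 255.255.255.255
static (dmz,outside) 203.0.113.11 192.168.10.11 netmask 255.255.255.255
static (dmz,outside) tcp 203.0.113.10 3389 192.168.10.12 3389 netmask 255.255.255.255
global (outside) 1 203.0.113.11-203.0.113.20 netmask 255.255.255.0
nat (dmz) 1 192.168.10.0 255.255.255.0
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
# static (real_if,mapped_if) [tcp|udp] mapped_ip [port] real_ip ...
STATIC_RE = re.compile(rf"^static \((\w+),(\w+)\) (?:(?:tcp|udp) )?{IP}(?: \S+)? {IP}")
# global (mapped_if) nat_id start_ip[-end_ip] ...
GLOBAL_RE = re.compile(rf"^global \((\w+)\) \d+ {IP}(?:-{IP})?")


def parse(config):
    """Return (statics, pools) extracted from the configuration text."""
    statics, pools = [], []
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            _real_if, mapped_if, mapped, real = m.groups()
            statics.append((mapped_if, ipaddress.ip_address(mapped),
                            ipaddress.ip_address(real), line))
        elif m := GLOBAL_RE.match(line):
            ifc, start, end = m.groups()
            lo = ipaddress.ip_address(start)
            pools.append((ifc, lo, ipaddress.ip_address(end) if end else lo, line))
    return statics, pools


def find_conflicts(config):
    """List (kind, line_a, line_b) pairs that share a mapped address."""
    statics, pools = parse(config)
    findings = []
    for i, (ifc, mapped, real, line) in enumerate(statics):
        # Same mapped address on the same interface pointing at different hosts.
        for ifc2, mapped2, real2, line2 in statics[i + 1:]:
            if ifc == ifc2 and mapped == mapped2 and real != real2:
                findings.append(("static-vs-static", line, line2))
        # Static mapped address that also falls inside a dynamic global pool.
        for pifc, lo, hi, pline in pools:
            if ifc == pifc and lo <= mapped <= hi:
                findings.append(("static-in-global-pool", line, pline))
    return findings
```

Each finding is only a candidate: compare it against the translation that 'show xlate debug' reports for the affected address when the lock-up occurs.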