Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

address failure on ASA5505


I have a ASA5505 with a security plus license that has been 'in-production' for some time but I am experiencing a 'lock-out' of a particular IP address in a DMZ with minimal usage.

This IP address is configured with ACL and NAT to allow:

http traffic

ftp traffic

remote desktop traffic

IIS 7 traffic

I have also limited the number of embromic connections to 1500 due to DOS attacks. The issue I experience is that the 'channel' locks up when using remote desktop or IIS 7 services resulting in all traffic being denied to that IP address (channel). All other IP addresses with similar configuration remain working.

Can anyone suggest what the problem may be and how to go about resolving it?

Thanks (in advance) for your help.



Re: address failure on ASA5505

Hi April,

Your issue sounds like it may be caused by an incorrect translation getting built during RDP or IIS conversations.

First, take a look at your 'static', 'nat', and 'global' commands in your configuration to ensure nothing is incorrectly configured for your environment and none of your translations are conflicting.

Also, take a look at the output of the 'show xlate debug' command on the firewall next time the problem occurs. My guess is that you would see an incorrect translation being built that is causing normal traffic to break. In that case, you'll need to find out what part of your configuration is causing that translation to get built.

Hope that helps.


New Member

Re: address failure on ASA5505

Thanks Mike!

today the problem seems ot have fixed itself after some time (although last time it didn't and required a reboot).

Either way I will do as you suggested as I can't have my customers locked out! Thank you very much for your help.

Regards, April

CreatePlease login to create content