Cisco Support Community

ASA 5505 Blocks new connections to IP

Please excuse my lack of knowledge on this topic. I am trying to get up to speed on this topic as quickly as possible. I searched through the other discussions and located some that sounded very similar but not quite the same, so please excuse the duplication.

Here is my issue:

1) We are able to access the website

2) We are able to upload data packets

3) We allow the website to time out while we are uploading data packets

4) When we attempt to re-access the website the IP is blocked

a) this includes pinging and trace

5) After an undetermined period of time the IP is unblocked and we are allowed to access it again.

The ASA 5505 router is the last forward facing stop before entering the VPN tunnel.  We have tested by circumventing the ASA and we are unable to duplicate the disconnect.  We have reviewed the config file and have not been able to identify what rule/settings could be affecting this.

When tracing port usage, the actions use 2 TCP ports and 1 UDP port. The 2 TCP ports open and close with each transaction. When the IP block occurs, the 2 TCP ports are "dead"; the UDP port remains open (apparently sending the remainder of the data packets).

Any help on this would be greatly appreciated.




ASA 5505 Blocks new connections to IP

Hi Susan,

Rely on captures when you encounter the issue: take the captures and see where the TCP port is being blocked. This would help you:

Varun Rao
Security Team,
Cisco TAC
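
The capture approach suggested in the reply above, as an added example that is not part of the original thread: ASA CLI commands that capture the flow on both sides of the firewall and record packets the ASA itself drops. The addresses are constructed placeholders, and the interface names `inside` and `outside` and the capture names are assumptions.

```text
! Constructed placeholders (not from the thread):
!   192.0.2.10   = internal client that loses access
!   203.0.113.20 = remote web server that appears "blocked"
! Interface names "inside" and "outside" are assumed.

! Capture the flow where it enters the ASA from the client side
capture capin interface inside match ip host 192.0.2.10 host 203.0.113.20

! Capture on the egress side; match only on the server address so the
! capture still works if the client address is translated by NAT
capture capout interface outside match ip any host 203.0.113.20

! Record packets dropped by the ASA's accelerated security path,
! together with the drop reason
capture asp-drop type asp-drop all

! Reproduce the problem (let the site time out, then reconnect), then:
show capture capin
show capture capout
show capture asp-drop | include 203.0.113.20

! Remove the captures when finished
no capture capin
no capture capout
no capture asp-drop
```

If the TCP SYNs appear in `capin` but not in `capout`, the ASA is dropping them and the `asp-drop` capture shows the reason; if they appear in both without replies, the block is happening beyond the ASA.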
