06-25-2012 09:13 AM - edited 03-11-2019 04:22 PM
Hi,
I'm trying to get an asa5505 set up so that our web server can send an LDAPS login to a client's server and receive the request back. The default IP our traffic goes out on is different than where I want the connection to come back in on. So, I set a NAT rule to send all traffic from a specific inside IP out a default outside IP. I also allowed LDAPS traffic from the client's server IP address in and have nat'd it back to the appropriate inside IP address. It seems to build the outbound connection fine, but then seems to drop it right away, which then seems to not allow the response back in. I've attached a picture of the log, with (what I think are) the lines in question highlighted. I'm far from a routing expert, but this seemed like a fairly easy setup. Anyone have any idea what may be causing this? Also, please let me know if additional info is needed. I'm happy to provide anything. Thanks!
06-27-2012 03:11 AM
Hi,
Regarding the log you attached.
To me the log basically tells that a host on your inside network formed a TCP connection to the Internet which it then reset immediately. (For whatever reason)
The log messages following that are probably the host on the Internet trying to send acknowledgement messages for some sent data (ACK) and also closing the TCP connection (FIN ACK)
And the reason the Deny messages look a bit different is because the ASA has already torn down those connections and therefore states that there are no active connections on the ASA that correspond to the arriving packets, so it drops them.
In other words, the remote Internet host is still sending packets related to the connection that the inside host already closed and which the ASA already tore down.
Would it be possible to see the actual configurations on the firewall?
- Jouni
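One way to check this reading against the syslog text itself (the thread only has a screenshot), as an added example that is not part of the original thread: a small Python script that ties each "Deny TCP (no connection)" message back to the connection the ASA already tore down and reports the teardown reason. The sample lines are constructed, and the parsing assumes the standard ASA 302013 / 302014 / 106015 message layouts.

```python
import re

# Constructed sample ASA syslog lines (not from the thread); documentation IPs.
# 10.1.1.20 is the inside web server, 203.0.113.10 its NAT address,
# 198.51.100.7/636 the client's LDAPS server.
SAMPLE_LOG = """\
%ASA-6-302013: Built outbound TCP connection 4711 for outside:198.51.100.7/636 (198.51.100.7/636) to inside:10.1.1.20/49321 (203.0.113.10/49321)
%ASA-6-302014: Teardown TCP connection 4711 for outside:198.51.100.7/636 to inside:10.1.1.20/49321 duration 0:00:00 bytes 0 TCP Reset-I
%ASA-6-106015: Deny TCP (no connection) from 198.51.100.7/636 to 203.0.113.10/49321 flags ACK on interface outside
%ASA-6-106015: Deny TCP (no connection) from 198.51.100.7/636 to 203.0.113.10/49321 flags FIN ACK on interface outside
"""

# Assumed message formats: real address, then mapped (NAT) address in parentheses.
BUILT = re.compile(r"302013: Built \w+ TCP connection (\d+) for outside:(\S+) \(\S+\) to inside:(\S+) \((\S+)\)")
TEARDOWN = re.compile(r"302014: Teardown TCP connection (\d+) .* duration (\S+) bytes (\d+) (.+)$")
DENY = re.compile(r"106015: Deny TCP \(no connection\) from (\S+) to (\S+) flags (.+?) on interface")

def explain_denies(log_text):
    """Return (remote, mapped_local, flags, teardown_reason) for each 'no connection' deny.

    teardown_reason is None when no matching Built/Teardown pair was seen, i.e.
    the packet was genuinely unsolicited rather than a straggler from a closed
    connection. 'TCP Reset-I' means the inside host sent the RST, which is
    the pattern Jouni describes above.
    """
    conns = {}   # connection id -> (remote addr/port, mapped local addr/port)
    torn = {}    # (remote, mapped local) -> teardown reason
    findings = []
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if m:
            cid, remote, _real_local, mapped = m.groups()
            conns[cid] = (remote, mapped)
            continue
        m = TEARDOWN.search(line)
        if m:
            cid, _duration, _nbytes, reason = m.groups()
            if cid in conns:
                torn[conns[cid]] = reason.strip()
            continue
        m = DENY.search(line)
        if m:
            remote, mapped, flags = m.groups()
            findings.append((remote, mapped, flags, torn.get((remote, mapped))))
    return findings

if __name__ == "__main__":
    for remote, local, flags, reason in explain_denies(SAMPLE_LOG):
        print(f"{remote} -> {local} [{flags}]: prior teardown = {reason}")
```

A deny whose reason comes back as None is worth a second look, since no earlier state on the ASA explains it.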