I'm trying to get an ASA 5505 set up so that our web server can send an LDAPS login to a client's server and receive the request back. The default IP our traffic goes out on is different from where I want the connection to come back in on. So, I set a NAT rule to send all traffic from a specific inside IP out a default outside IP. I also allowed LDAPS traffic from the client's server IP address in and have NATed it back to the appropriate inside IP address. It seems to build the outbound connection fine, but then seems to drop it right away, which then seems to not allow the response back in. I've attached a picture of the log, with (what I think are) the lines in question highlighted. I'm far from a routing expert, but this seemed like a fairly easy setup. Anyone have any idea what may be causing this? Also, please let me know if additional info is needed. I'm happy to provide anything. Thanks!
To me, the log basically says that a host on your inside network formed a TCP connection to the Internet which it then reset immediately (for whatever reason).
The log messages following that are probably the host on the Internet trying to send acknowledgement messages for some sent data (ACK) and also closing the TCP connection (FIN ACK).
And the reason the Deny messages look a bit different is because the ASA has already torn down those connections and therefore states that there are no active connections on the ASA that correspond to the arriving packets, so it drops them.
In other words, the remote Internet host is still sending packets related to the connection that the inside host already closed and which the ASA already tore down.
Would it be possible to see the actual configurations on the firewall?
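The reasoning in the answer above (the inside host resets the connection, the ASA tears down its connection entry, and every later packet from the remote host is denied because no connection matches it) can be checked mechanically against the ASA syslog instead of by reading a screenshot. The script below is an added example and is not part of the original post or of any Cisco tool. It correlates three ASA message types: 302013 (connection built), 302014 (connection torn down, with the teardown reason) and 106015 (Deny TCP, no connection). The sample log lines are constructed for this example: the addresses are documentation ranges, the connection ID is invented, and the message layouts are approximated from the ASA syslog formats, so a real log may differ in detail (trailing periods, user tags). It assumes the denied packet arrives on the interface that the Built message lists first (the outside interface here), which is the case for the outbound LDAPS flow in the question.

```python
import re
from typing import Dict, List, Optional, Tuple

# Flow as seen from the outside interface:
# (interface, remote_ip, remote_port, mapped_inside_ip, mapped_inside_port)
Flow = Tuple[str, str, int, str, int]

# Constructed sample log (not from the original post). Layouts approximate the
# ASA 302013 / 302014 / 106015 syslog messages.
SAMPLE_LOG = """\
%ASA-6-302013: Built outbound TCP connection 48211 for outside:203.0.113.10/636 (203.0.113.10/636) to inside:192.168.1.20/49152 (198.51.100.5/49152)
%ASA-6-302014: Teardown TCP connection 48211 for outside:203.0.113.10/636 to inside:192.168.1.20/49152 duration 0:00:00 bytes 0 TCP Reset-I
%ASA-6-106015: Deny TCP (no connection) from 203.0.113.10/636 to 198.51.100.5/49152 flags ACK  on interface outside
%ASA-6-106015: Deny TCP (no connection) from 203.0.113.10/636 to 198.51.100.5/49152 flags FIN ACK  on interface outside
%ASA-6-106015: Deny TCP (no connection) from 203.0.113.77/443 to 198.51.100.5/51000 flags ACK  on interface outside
"""

# 302013: "for <if1>:<real>/<port> (<mapped>/<port>) to <if2>:<real>/<port> (<mapped>/<port>)"
BUILT_RE = re.compile(
    r"%ASA-\d-302013: Built (?:inbound|outbound) TCP connection (?P<id>\d+) for "
    r"(?P<if1>\w+):(?P<a1>[\d.]+)/(?P<p1>\d+) \((?P<m1>[\d.]+)/(?P<mp1>\d+)\) to "
    r"(?P<if2>\w+):(?P<a2>[\d.]+)/(?P<p2>\d+) \((?P<m2>[\d.]+)/(?P<mp2>\d+)\)"
)
# 302014: the teardown reason is whatever follows the byte count.
TEARDOWN_RE = re.compile(
    r"%ASA-\d-302014: Teardown TCP connection (?P<id>\d+) for .* bytes \d+ (?P<reason>.+?)\s*$"
)
# 106015: packet with no matching connection entry on the ASA.
DENY_RE = re.compile(
    r"%ASA-\d-106015: Deny TCP \(no connection\) from (?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<dst>[\d.]+)/(?P<dport>\d+) flags (?P<flags>.+?)\s+on interface (?P<iface>\w+)"
)

# Teardown reasons as logged by the ASA; -I means the reset came from the inside host.
REASON_HINT = {
    "TCP Reset-I": "the inside host sent RST; the ASA dropped the connection entry",
    "TCP Reset-O": "the outside host sent RST; the ASA dropped the connection entry",
    "TCP FINs": "both sides closed the connection normally",
}


def explain_denies(log_text: str) -> List[dict]:
    """Attribute each 106015 deny to the torn-down connection it belongs to, if any."""
    conn_flow: Dict[str, Flow] = {}                    # conn id -> flow key
    torn_down: Dict[Flow, Tuple[str, str]] = {}        # flow key -> (conn id, reason)
    findings: List[dict] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := BUILT_RE.match(line)):
            # Key the flow the way the outside host addresses it: its own real
            # address and the NAT-mapped address of the inside host.
            flow: Flow = (m["if1"], m["a1"], int(m["p1"]), m["m2"], int(m["mp2"]))
            conn_flow[m["id"]] = flow
        elif (m := TEARDOWN_RE.match(line)):
            flow_opt: Optional[Flow] = conn_flow.pop(m["id"], None)
            if flow_opt is not None:
                torn_down[flow_opt] = (m["id"], m["reason"])
        elif (m := DENY_RE.match(line)):
            key: Flow = (m["iface"], m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
            prior = torn_down.get(key)
            findings.append({
                "flow": key,
                "flags": m["flags"],
                "prior_conn": prior[0] if prior else None,
                "reason": prior[1] if prior else None,
                "hint": REASON_HINT.get(prior[1], "connection already torn down") if prior
                        else "no Built message seen for this flow",
            })
    return findings


if __name__ == "__main__":
    for f in explain_denies(SAMPLE_LOG):
        src = f"{f['flow'][1]}/{f['flow'][2]}"
        dst = f"{f['flow'][3]}/{f['flow'][4]}"
        print(f"deny {src} -> {dst} [{f['flags']}]: conn={f['prior_conn']} reason={f['reason']}: {f['hint']}")
```

Run against the real log, the output separates the two cases the answer distinguishes: denies that belong to a connection the ASA itself tore down (and the teardown reason, with TCP Reset-I pointing the finger at the inside host rather than at NAT or the ACL) from denies for flows the ASA never built at all, which would indicate a genuine NAT or routing asymmetry.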