
ASA 5520 - Deny TCP (No Connection) - 106015

6 Feb 08 2008 09:43:28 106015 192.168.140.9 192.168.1.20 Deny TCP (no connection) from 192.168.140.9/4830 to 192.168.1.20/80 flags RST on interface inside

I've seen a couple other posts with almost my exact issue, however, they weren't resolved.

Also, I've read the meaning of the syslog errors, but I don't know how to resolve it, which is why I'm posting here.

My issue:

In the United States we have 5 main offices; the HQ is in Ohio. All 5 are connected through VPNs. Everything is working fine.

We've recently implemented an MPLS with our Main HQ in Japan. A new circuit and Cisco router were put in behind my firewall in Ohio.

The inside interface of the MPLS box has an address of 192.168.140.17; this falls within the scope of the inside subnet of my ASA (192.168.140.x).

The MPLS box is plugged in directly to my switch as if it were another device on my network.

I have static routes in my ASA on the inside interface which state, any traffic going to 192.168.1.xxx *or any of the Japan private networks* use 192.168.140.17.

Now, I can ping any of the subnets in Japan without problem. However, when I try to access any servers or intranet using the private IPs, I get the Deny TCP (No Connection) error.

Also, the other locations in the US are having no problems accessing any of the Japan subnets.

My guess is that it has something to do with the traffic not actually leaving my firewall, just rerouting it to the MPLS box.

If anyone can help I would greatly appreciate it. Or if you can help me over the phone please let me know.

my e-mail is: tcombs@threebond.com

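The following is an added example, not part of the original post: Python code that parses 106015 lines in the format shown above and marks the ones whose destination is covered by a static route with a next hop on the same inside subnet as the source, which is the layout the poster describes. The /24 prefix lengths and every sample line except the first are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Message text of syslog 106015 as it appears in the post.
DENY_RE = re.compile(
    r"Deny TCP \(no connection\) from (?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<dst>[\d.]+)/(?P<dport>\d+) flags (?P<flags>[A-Z ]+?) +on interface (?P<ifc>\S+)"
)

# Addresses are from the post; the /24 prefix lengths are assumptions.
INSIDE_NET = ipaddress.ip_network("192.168.140.0/24")
STATIC_ROUTES = {ipaddress.ip_network("192.168.1.0/24"): ipaddress.ip_address("192.168.140.17")}

def parse_deny(line):
    """Return the fields of a 106015 message, or None for any other line."""
    m = DENY_RE.search(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["src"], ev["dst"] = ipaddress.ip_address(ev["src"]), ipaddress.ip_address(ev["dst"])
    ev["sport"], ev["dport"] = int(ev["sport"]), int(ev["dport"])
    return ev

def same_segment_next_hop(ev):
    """True when the source and the matching route's next hop are both on the inside subnet."""
    if ev["src"] not in INSIDE_NET:
        return False
    return any(ev["dst"] in net and hop in INSIDE_NET for net, hop in STATIC_ROUTES.items())

def summarize(lines):
    """Count denies per (src, dst, dport, flags, same-segment next hop)."""
    counts = Counter()
    for line in lines:
        ev = parse_deny(line)
        if ev:
            counts[(str(ev["src"]), str(ev["dst"]), ev["dport"], ev["flags"],
                    same_segment_next_hop(ev))] += 1
    return counts

# First line is from the post; the other three are constructed for illustration.
SAMPLE = [
    "6 Feb 08 2008 09:43:28 106015 192.168.140.9 192.168.1.20 Deny TCP (no connection) from 192.168.140.9/4830 to 192.168.1.20/80 flags RST on interface inside",
    "6 Feb 08 2008 09:43:31 106015 192.168.140.9 192.168.1.20 Deny TCP (no connection) from 192.168.140.9/4831 to 192.168.1.20/80 flags RST on interface inside",
    "6 Feb 08 2008 09:44:02 106015 192.168.140.30 10.9.9.9 Deny TCP (no connection) from 192.168.140.30/5120 to 10.9.9.9/443 flags FIN ACK  on interface inside",
    "6 Feb 08 2008 09:44:05 302013 constructed line that is not a 106015 message",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, key)
```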