I have recently started learning about ASAs and I had an issue while deploying an ASA. Previously we had a router which was acting as a firewall and I was assigned the task to replace it with an ASA 5512. I have configured the access rules and everything. But when I bring up the ASA we are unable to reach the mail server from outside. When I run Wireshark on the mail server it says that
Log messages seem to point to a situation where the ASA is blocking a packet for a connection that doesn't exist on the ASA yet or has been removed from it before.
I think the ASA usually sends a TCP Reset to the host when the ASA is configured to reset a connection that is not allowed according to its ACLs.
I guess this might also be due to asymmetric routing. For example, if the TCP SYN arrived at the server from some OTHER device than the ASA and the server then sends traffic through its default gateway, which would be the ASA, then the ASA would drop the SYN, ACK since it never saw the original SYN.
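One way to check the asymmetric-routing theory from the ASA's own logs, as an added example that is not part of the original posts: count SYN-ACKs the firewall dropped for lack of a matching connection, grouped by the server that sent them. It assumes the standard ASA syslog message 106015 ("Deny TCP (no connection)") format; the log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the format of ASA syslog message 106015
# (documentation-range addresses, not taken from the thread).
SAMPLE_LOG = """\
%ASA-6-106015: Deny TCP (no connection) from 192.0.2.25/25 to 198.51.100.7/51514 flags SYN ACK  on interface inside
%ASA-6-106015: Deny TCP (no connection) from 192.0.2.25/25 to 198.51.100.9/40022 flags SYN ACK  on interface inside
%ASA-6-106015: Deny TCP (no connection) from 192.0.2.25/25 to 198.51.100.7/51514 flags SYN ACK  on interface inside
%ASA-6-106015: Deny TCP (no connection) from 192.0.2.40/49811 to 203.0.113.5/443 flags FIN ACK  on interface inside
%ASA-6-302013: Built inbound TCP connection 101 for outside:198.51.100.3/33100 (198.51.100.3/33100) to inside:192.0.2.25/25 (192.0.2.25/25)
"""

DENY_RE = re.compile(
    r"%ASA-\d-106015: Deny TCP \(no connection\) from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"flags (?P<flags>[A-Z ]+?)\s+on interface (?P<ifc>\S+)"
)

def parse_denies(text):
    """Return one dict per 106015 line; all other messages are skipped."""
    out = []
    for line in text.splitlines():
        m = DENY_RE.search(line)
        if m:
            d = m.groupdict()
            d["flags"] = frozenset(d["flags"].split())
            out.append(d)
    return out

def asymmetric_candidates(denies, min_hits=2):
    """Count dropped SYN-ACKs per (server IP, server port, interface).

    A SYN-ACK with no connection entry means the firewall never saw the
    SYN, which is the asymmetric-routing symptom described above. Drops
    with other flags (e.g. FIN ACK after a timeout) are ignored.
    """
    hits = Counter(
        (d["src"], int(d["sport"]), d["ifc"])
        for d in denies
        if d["flags"] == {"SYN", "ACK"}
    )
    return {k: n for k, n in hits.items() if n >= min_hits}

if __name__ == "__main__":
    found = asymmetric_candidates(parse_denies(SAMPLE_LOG))
    for (ip, port, ifc), n in found.items():
        print(f"{ip}:{port} via {ifc}: {n} SYN-ACKs dropped, no matching SYN")
```

A server that shows up here is answering connections whose SYN reached it by a path that bypasses the ASA, so the next thing to compare is the inbound route to that server against its default gateway.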