10-20-2014 07:07 AM - edited 03-11-2019 09:57 PM
cisco ASA5550 Inbound TCP connection denied from 172.XX.XXX.2/3314 to 172.16.XX.XX/XXX flags SYN on interface inside
10-20-2014 01:45 PM
Can you post a config, or at least the ACLs that you have for either of those networks?
You may need to enable logging on those particular ACLs in order for me/us to figure out why these are being denied.
See this about turning logging on. It will give your logs more information, including which ACL is denying these packets
http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/acl_logging.pdf
10-20-2014 03:53 PM
Are both the source and destination address downstream from your inside interface? If so, you need to have "same-security-traffic" enabled in your configuration. Reference
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide