Here I showed some diff of established connections. Moreover, I have given all the necessary access in my firewall, but there was no data flow; only single connections are establishing. These connections are happening after passing some different hops from outside to inside. Kindly let me know from which part I have to troubleshoot (firewall or router or application part):
TCP out 10.2.79.178:3833 in 10.2.40.35:8000 idle 0:01:35 Bytes 0 flags SaAB
TCP out 10.1.139.162:4373 in 10.2.40.35:8000 idle 0:01:42 Bytes 0 flags SaAB
I need to establish the connections with data flow; only then would it be a meaningful connection.
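As an added illustration that is not part of the thread, here is a small Python parser for conn-table lines in the format pasted above. It classifies each entry from its flag letters, using the PIX/ASA meanings of B, S, s, A, a and U (assumed from Cisco's show conn documentation) to tell a fully established connection from an embryonic one where the firewall has forwarded the outside SYN but never seen the server's SYN-ACK, which is exactly the state the two SaAB entries are in. The sample table embeds the two lines from the post plus one constructed healthy entry.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: the two entries from the post above plus one made-up
# established entry so the classifier has both outcomes to show.
SAMPLE_CONN_TABLE = """\
TCP out 10.2.79.178:3833 in 10.2.40.35:8000 idle 0:01:35 Bytes 0 flags SaAB
TCP out 10.1.139.162:4373 in 10.2.40.35:8000 idle 0:01:42 Bytes 0 flags SaAB
TCP out 10.2.79.178:3901 in 10.2.40.35:8000 idle 0:00:03 Bytes 1540 flags UIOB
"""

LINE_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+out\s+(?P<oip>[\d.]+):(?P<oport>\d+)\s+"
    r"in\s+(?P<iip>[\d.]+):(?P<iport>\d+)\s+idle\s+(?P<idle>[\d:]+)\s+"
    r"Bytes\s+(?P<bytes>\d+)\s+flags\s+(?P<flags>\S+)$"
)

# Assumed meaning of the PIX/ASA conn flag letters (per Cisco's show conn docs).
FLAG_MEANING = {
    "B": "initial SYN from outside",
    "S": "awaiting inside SYN",
    "s": "awaiting outside SYN",
    "A": "awaiting inside ACK to SYN",
    "a": "awaiting outside ACK to SYN",
    "U": "up (three-way handshake complete)",
}


@dataclass
class Conn:
    proto: str
    outside: str   # "ip:port" of the outside peer
    inside: str    # "ip:port" of the inside peer
    idle_seconds: int
    bytes: int
    flags: str


def idle_to_seconds(idle: str) -> int:
    """Convert 'h:mm:ss' (or 'mm:ss') idle time to seconds."""
    total = 0
    for part in idle.split(":"):
        total = total * 60 + int(part)
    return total


def parse_conn_line(line: str) -> Conn:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised conn line: {line!r}")
    return Conn(
        proto=m["proto"],
        outside=f"{m['oip']}:{m['oport']}",
        inside=f"{m['iip']}:{m['iport']}",
        idle_seconds=idle_to_seconds(m["idle"]),
        bytes=int(m["bytes"]),
        flags=m["flags"],
    )


def parse_conn_table(text: str) -> list:
    return [parse_conn_line(ln) for ln in text.splitlines() if ln.strip()]


def diagnose(c: Conn) -> str:
    """Explain what handshake step the firewall is still waiting for."""
    f = c.flags
    if "U" in f:
        return "established"
    if "B" in f:  # outside-initiated connection
        if "S" in f:
            return ("embryonic: inside SYN-ACK not seen by firewall "
                    "(server not answering, or its reply returns via another path)")
        if "a" in f:
            return "embryonic: outside final ACK not seen by firewall"
    else:         # inside-initiated connection
        if "s" in f:
            return "embryonic: outside SYN-ACK not seen by firewall"
        if "A" in f:
            return "embryonic: inside final ACK not seen by firewall"
    return "embryonic: unknown state"


def embryonic_by_inside_peer(conns: list) -> dict:
    """Count half-open connections per inside ip:port; a pile-up on one server
    points at that server's return path (or at a SYN flood against it)."""
    return dict(Counter(c.inside for c in conns if not diagnose(c) == "established"))


if __name__ == "__main__":
    for c in parse_conn_table(SAMPLE_CONN_TABLE):
        print(f"{c.outside:>18} -> {c.inside:<16} {c.flags:<5} {diagnose(c)}")
    print(embryonic_by_inside_peer(parse_conn_table(SAMPLE_CONN_TABLE)))
```

Run against a pasted conn table, the per-server count of embryonic entries is what tells you whether the whole server's return path is broken (every connection stuck at the same step) or only individual clients are affected.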
Well yes, you are correct. tracert doesn't show the firewall interface IPs as hops. Check if you are blocking ICMP on R2 or the firewall outside interface; that's the reason tracert or ping is not going through.
Coming down to the original issue, it seems either the switch (CrSW) or the server is dropping and not replying to the SYN request.
Set the packet captures on the inside interface of the PIX, which would verify if there is any return reply from the server:
access-list abc permit ip host <10.x.x.x> host 10.2.40.35
access-list abc permit ip host 10.2.40.35 host <10.x.x.x>
Thanks for your response. You are absolutely correct. The link which was terminated in the R2 router is the redundant link; the primary link is terminated in some other router, with one more firewall (F2) residing in CrSW. So we already have a return route in CrSW pointing to F2, so we cannot add one more route in the same device (CrSW) for the same destination. It will happen only if we change the route manually when the link goes down, or if you have any other solution, kindly let me know. The big limitation here is we are unable to change the design; we have to achieve the route with the present design only. I think it will not be possible; possible only with a manual route change.
Now we need a route on CrSW back to the FW since the original source IP from outside is not NATed. But if you NAT the source IP to the firewall inside interface as well (called outside NAT), then the switch would receive the packet with the source translated to the firewall inside IP address, and therefore for the return reply the firewall would proxy and the packet would go through.