ftp & rdp connection issues

Hi,

I currently have an issue with FTP and RDP connections from 2 specific hosts. I have set up ACLs to allow for FTP and RDP connections from our internal network to these two specific hosts in the DMZ. We have 2 ASA 5520s set up in an Active/Standby configuration. The ACLs in question have been set up with logging enabled, and when I go to attempt to connect via FTP or RDP to the specific hosts, the connections time out.

As you can see from the logs below, the access-list is permitted but then it tries to build the connection but then automatically tears it down. Could someone please explain why my internal host is not connecting successfully on RDP to this host in our DMZ? If you need additional configs from the ASA or other equipment, please let me know.

6|Jan 16 2009|09:59:59|302014|fsqftp|3389|172.16.28.104|2392|Teardown TCP connection 11122215 for dmz1:fsqftp/3389 to inside:172.16.28.104/2392 duration 0:00:00 bytes 0 TCP Reset-I

6|Jan 16 2009|09:59:59|302013|fsqftp|3389|172.16.28.104|2392|Built outbound TCP connection 11122215 for dmz1:fsqftp/3389 (fsqftp/3389) to inside:172.16.28.104/2392 (172.16.28.104/2392)

6|Jan 16 2009|09:59:53|302014|fsqftp|3389|172.16.28.104|2392|Teardown TCP connection 11122181 for dmz1:fsqftp/3389 to inside:172.16.28.104/2392 duration 0:00:00 bytes 0 TCP Reset-I

6|Jan 16 2009|09:59:52|302013|fsqftp|3389|172.16.28.104|2392|Built outbound TCP connection 11122181 for dmz1:fsqftp/3389 (fsqftp/3389) to inside:172.16.28.104/2392 (172.16.28.104/2392)

6|Jan 16 2009|09:59:50|302014|fsqftp|3389|172.16.28.104|2392|Teardown TCP connection 11122158 for dmz1:fsqftp/3389 to inside:172.16.28.104/2392 duration 0:00:00 bytes 0 TCP Reset-I

6|Jan 16 2009|09:59:50|302013|fsqftp|3389|172.16.28.104|2392|Built outbound TCP connection 11122158 for dmz1:fsqftp/3389 (fsqftp/3389) to inside:172.16.28.104/2392 (172.16.28.104/2392)

7|Jan 16 2009|09:59:50|106100|172.16.28.104|2392|fsqftp|3389|access-list inbound_inside permitted tcp inside/172.16.28.104(2392) -> dmz1/fsqftp(3389) hit-cnt 1 first hit [0x72ce6f24, 0x0]
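
The Built/Teardown pattern in the logs quoted above can be picked out mechanically. This Python script is an added example, not part of the original thread or any Cisco tool: it correlates 302013 and 302014 messages by connection ID and lists connections that closed with zero bytes. The function names are hypothetical, and the two lines for connection 11122300 are constructed for contrast.

```python
import re
from collections import Counter

# Lines copied from the post above (ASDM export, newest first).
PAGE_LINES = """\
6|Jan 16 2009|09:59:59|302014|fsqftp|3389|172.16.28.104|2392|Teardown TCP connection 11122215 for dmz1:fsqftp/3389 to inside:172.16.28.104/2392 duration 0:00:00 bytes 0 TCP Reset-I
6|Jan 16 2009|09:59:59|302013|fsqftp|3389|172.16.28.104|2392|Built outbound TCP connection 11122215 for dmz1:fsqftp/3389 (fsqftp/3389) to inside:172.16.28.104/2392 (172.16.28.104/2392)
7|Jan 16 2009|09:59:50|106100|172.16.28.104|2392|fsqftp|3389|access-list inbound_inside permitted tcp inside/172.16.28.104(2392) -> dmz1/fsqftp(3389) hit-cnt 1 first hit [0x72ce6f24, 0x0]
"""
# Constructed lines (not from the page): a connection that carried data.
CONSTRUCTED_LINES = """\
6|Jan 16 2009|10:05:10|302014|fsqftp|3389|172.16.28.104|2401|Teardown TCP connection 11122300 for dmz1:fsqftp/3389 to inside:172.16.28.104/2401 duration 0:01:12 bytes 48211 TCP FINs
6|Jan 16 2009|10:03:58|302013|fsqftp|3389|172.16.28.104|2401|Built outbound TCP connection 11122300 for dmz1:fsqftp/3389 (fsqftp/3389) to inside:172.16.28.104/2401 (172.16.28.104/2401)
"""
SAMPLE = PAGE_LINES + CONSTRUCTED_LINES

BUILT = re.compile(r"Built (?:inbound|outbound) TCP connection (?P<id>\d+) "
                   r"for (?P<a>\S+) \(\S+\) to (?P<b>\S+) \(\S+\)")
TEARDOWN = re.compile(r"Teardown TCP connection (?P<id>\d+) for (?P<a>\S+) to (?P<b>\S+) "
                      r"duration (?P<dur>\S+) bytes (?P<bytes>\d+)\s*(?P<reason>.*)")

def parse(text):
    """Return {conn_id: record}, merging Built and Teardown in any line order."""
    conns = {}
    for line in text.splitlines():
        fields = line.split("|", 8)  # sev|date|time|msg id|4 address fields|message
        if len(fields) != 9:
            continue  # not an ASDM-style exported line
        time, msg_id, message = fields[2], fields[3], fields[8]
        if msg_id == "302013" and (m := BUILT.search(message)):
            conns.setdefault(m["id"], {}).update(built=time, src=m["a"], dst=m["b"])
        elif msg_id == "302014" and (m := TEARDOWN.search(message)):
            conns.setdefault(m["id"], {}).update(
                torn=time, src=m["a"], dst=m["b"], duration=m["dur"],
                bytes=int(m["bytes"]), reason=m["reason"].strip())
    return conns

def zero_byte_connections(conns):
    """IDs of connections the firewall built that closed without carrying data."""
    return sorted(cid for cid, c in conns.items()
                  if "built" in c and c.get("bytes") == 0)

def teardown_reasons(conns):
    """Count teardown reasons among the zero-byte connections."""
    return Counter(c["reason"] for c in conns.values() if c.get("bytes") == 0)

if __name__ == "__main__":
    parsed = parse(SAMPLE)
    for cid in zero_byte_connections(parsed):
        print(cid, parsed[cid]["src"], "->", parsed[cid]["dst"], parsed[cid]["reason"])
```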

2 REPLIES
Bronze

Re: ftp & rdp connection issues

Hi Simon

Do you have a static (inside,dmz) configured?

New Member

Re: ftp & rdp connection issues

If it's no trouble, could you please provide the config for these translations from the inside hosts to the DMZ devices, and also the standby config? Thanks
