Inbound TCP connection denied

mahesh18
Level 6

Feb 27 2014 17:02:10: %ASA-2-106001: Inbound TCP connection denied from 192.168.211.56/3376 to 200.x.x.x/10000 flags RST on interface visitor

Feb 27 2014 17:02:04: %ASA-2-106001: Inbound TCP connection denied from 192.168.211.56/3376 to 200.x.x.x/10000 flags ACK on interface visitor

Feb 27 2014 17:01:58: %ASA-2-106001: Inbound TCP connection denied from 192.168.211.56/3376 to 200.x.x.x/10000 flags SYN on interface visitor

Hi Everyone,

I was testing a new VPN IPSEC remote connection from our visitor network and got the logs above.

Do these logs indicate that the ASA sees no route from the interface named visitor from source 192.168 to 200.x.x?

Remote VPN works fine from the Internet.

Regards

MAhesh

Message was edited by: mahesh parmar

5 Replies

Jouni Forss
VIP Alumni

Hi Mahesh,

Where is the VPN device located to which the "visitor" user is connecting?

Is it possibly the same ASA that is showing these logs? That would possibly mean that you are trying to connect to the external interface of the ASA, which would be impossible other than from behind that external interface.

Might need more description of the situation and/or see some configurations from the ASA to determine what the situation is.

- Jouni

Hi Jouni,

VPN client works fine from internet.

Setup is

--------ASA1 Internet---------------ASA2  VPN

Internet ASA1 has an interface called visitor where my PC is connected, and I am trying to VPN to the corp network.

This never worked before, so I am in charge of making this happen.

I am trying to reach IP 200.x, which is that of the VPN ASA's outside interface.

Regards

MAhesh

Mahesh

In your original post you ask if it might be an issue that the ASA does not see a route for the destination. In my experience, when the ASA does not have a route it will have that in the error message. So I do not believe that this issue is a routing issue. I suspect that it is more likely an issue of security level between the interface where you are connected and the interface through which you need to go. Can you identify the security level of the interfaces involved on ASA1? And are any access lists configured on the ASA for those interfaces?

HTH

Rick

Hi Rick,

Nice to see a reply from you.

The ASA1 interface visitor, where the PC is connected, has security level 5.

When a user connects from the internet, traffic flows via ASA1 interface outside to interface VPN.

The ASA1 interface from which I need to reach ASA2 is VPN, and it has a security level of 5.

Interface visitor has an ACL from any to any.

Regards

MAhesh


Hi Rick,

It was not a routing issue; both interfaces of ASA1 (Internet) had the same security level.

Changing the security level of one interface fixed the problem.

Regards

MAhesh

Message was edited by: mahesh parmar
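
For triage of the three 106001 lines at the top of this thread, the following added example (not posted by any participant) parses that message layout and groups denials per flow, showing that the SYN, ACK and RST entries belong to one connection attempt refused at setup on interface visitor. The function names `parse_line` and `summarize` are this example's own.

```python
import re
from datetime import datetime

# Log lines copied from the thread (destination octets are masked as "x" in the post).
SAMPLE_LOG = """\
Feb 27 2014 17:02:10: %ASA-2-106001: Inbound TCP connection denied from 192.168.211.56/3376 to 200.x.x.x/10000 flags RST on interface visitor
Feb 27 2014 17:02:04: %ASA-2-106001: Inbound TCP connection denied from 192.168.211.56/3376 to 200.x.x.x/10000 flags ACK on interface visitor
Feb 27 2014 17:02:04: %ASA-2-106001: Inbound TCP connection denied from 192.168.211.56/3376 to 200.x.x.x/10000 flags SYN on interface visitor
"""

# Layout of message 106001 as it appears in the thread; flags may be several words.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{4}\s+\d{2}:\d{2}:\d{2}): "
    r"%ASA-\d-106001: Inbound TCP connection denied from "
    r"(?P<src>\S+)/(?P<sport>\d+) to (?P<dst>\S+)/(?P<dport>\d+) "
    r"flags (?P<flags>.+?) on interface (?P<ifc>\S+)\s*$"
)

def parse_line(line):
    """Return the fields of one 106001 line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(" ".join(rec["ts"].split()), "%b %d %Y %H:%M:%S")
    rec["flags"] = frozenset(rec["flags"].split())
    return rec

def summarize(text):
    """Group denials by (interface, src, dst, dport) so one attempt reads as one row."""
    flows = {}
    for rec in filter(None, map(parse_line, text.splitlines())):
        key = (rec["ifc"], rec["src"], rec["dst"], rec["dport"])
        f = flows.setdefault(key, {"count": 0, "flags": set(), "sports": set(),
                                   "first": rec["ts"], "last": rec["ts"],
                                   "syn_denied": False})
        f["count"] += 1
        f["flags"] |= rec["flags"]
        f["sports"].add(rec["sport"])
        f["first"], f["last"] = min(f["first"], rec["ts"]), max(f["last"], rec["ts"])
        # A denied bare SYN means the connection was refused at setup, not mid-session.
        f["syn_denied"] |= rec["flags"] == {"SYN"}
    return flows

if __name__ == "__main__":
    for (ifc, src, dst, dport), f in summarize(SAMPLE_LOG).items():
        print(f"{ifc}: {src} -> {dst}:{dport} denied x{f['count']} "
              f"flags={sorted(f['flags'])} syn_denied={f['syn_denied']}")
```
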
