Cisco Support Community

New Member

inspection question...

Hello,

We have recently migrated from an IPTABLES-based setup (among other things) for NAT and firewalling to an ASA 5510.

While the transition has been smooth, there is an issue that has arisen.

Some of the network people had in the past, through IPTABLES, NAT access to anything. In particular they use once in a while BGPlay (a Java app) to view routes and BGP info. There was no problem when they used IPTABLES, but now if they use the ASA as a NAT firewall, the Java applet will fail to establish a connection.

NAT access for BGPlay is open as it was before and I did assume that it would behave as before; obviously it does not.

The first connection is to port 80, but the second is from the next port to 21174.

This is not a related connection but a new one; it works through IPTABLES but not through the ASA.

Has anyone seen this behavior?

Thanks,

Miguel.

3 REPLIES

Re: inspection question...

Why don't you allow this connection by using an ACL? Is this new connection from the Client >> BGPlay Server or in the opposite direction? In the Client >> BGPlay Server direction it should be permitted, as all higher >> lower security traffic is permitted by default. You can also use the 'established' command, but this is not recommended due to security reasons.

Regards

Farrukh

New Member

Re: inspection question...

Found the problem, it was not related to the ASA per se but an ancient access-list on an edge router that was not allowing traffic on the new network we were using.

Miguel.

Re: inspection question...

Ahh OK, good to know the issue is solved now :)

Regards

Farrukh
