We have web publishing services running through TMG, and of course it goes through a Cisco firewall. 25 to 30 www services have been published so far with no issue. Recently I have noticed some weird things occurring. Meaning, I can see traffic from my ISP to my perimeter router and even in my firewall for that published web site, but the connection is not established successfully. When I enquired with the TMG team, they did not see any traffic to it. Traffic is reaching up to the firewall. So what could be the problem? After some time it established successfully, without any human intervention.
Note: I have double-checked routing and recreated the ACL rules and NAT for that particular site.
If someone can point me in the right direction, it would be much appreciated.
For this kind of scenario, where nothing makes sense, the best way to troubleshoot is via captures (as someone said: captures don't lie), so we can determine where the traffic is being denied or getting stuck.
Do a capture on the ingress and egress interface of the ASA to make sure it's not getting denied there.
Also, the logs from when you try to connect will be really helpful.
Julio Carvajal Segura
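
An added example, not part of the original thread: one way to compare the ingress and egress captures suggested above, so each client connection attempt is placed as stopped at the firewall, forwarded but unanswered, or answered. The capture text, addresses, port, and function names are constructed for illustration, and the script assumes the published site's NAT rule leaves the client's source IP and port unchanged.

```python
import re

# Constructed samples in the tcpdump-like layout of ASA "show capture" output.
# All addresses are placeholders. OUTSIDE = ingress capture (client -> public IP).
OUTSIDE = """\
   1: 10:12:01.100101       198.51.100.5.51000 > 203.0.113.10.80: S 1111:1111(0) win 8192 <mss 1460>
   2: 10:12:04.100240       198.51.100.5.51000 > 203.0.113.10.80: S 1111:1111(0) win 8192 <mss 1460>
   3: 10:12:07.300010       198.51.100.7.40222 > 203.0.113.10.80: S 2222:2222(0) win 8192 <mss 1460>
   4: 10:12:07.301900       203.0.113.10.80 > 198.51.100.7.40222: S 3333:3333(0) ack 2223 win 8192
"""
# INSIDE = egress capture (same flows after NAT, destination is the server's real IP).
INSIDE = """\
   1: 10:12:07.300500       198.51.100.7.40222 > 10.0.0.20.80: S 9999:9999(0) win 8192 <mss 1460>
   2: 10:12:07.301500       10.0.0.20.80 > 198.51.100.7.40222: S 8888:8888(0) ack 10000 win 8192
"""

IP = r"\d+\.\d+\.\d+\.\d+"
LINE = re.compile(
    rf"^\s*\d+:\s+(?P<ts>\S+)\s+(?:\S+\s+)*?(?P<src>{IP})\.(?P<sport>\d+)"
    rf" > (?P<dst>{IP})\.(?P<dport>\d+): (?P<flags>\S+)(?P<rest>.*)$"
)

def flows(text, port):
    """Return (client SYN flows, server SYN-ACK flows), keyed by client (ip, port).
    Sequence numbers are not compared because the firewall may rewrite them."""
    syn, synack = set(), set()
    for m in filter(None, map(LINE.match, text.splitlines())):
        if m["flags"] != "S":
            continue
        has_ack = " ack " in m["rest"]
        if not has_ack and int(m["dport"]) == port:
            syn.add((m["src"], int(m["sport"])))
        elif has_ack and int(m["sport"]) == port:
            synack.add((m["dst"], int(m["dport"])))
    return syn, synack

def classify(outside_text, inside_text, port=80):
    """Say where each connection attempt seen on the outside interface ended up."""
    out_syn, _ = flows(outside_text, port)
    in_syn, in_synack = flows(inside_text, port)
    result = {}
    for flow in sorted(out_syn):
        if flow not in in_syn:
            result[flow] = "stopped at firewall"
        elif flow not in in_synack:
            result[flow] = "forwarded, no reply from server"
        else:
            result[flow] = "forwarded and answered"
    return result

if __name__ == "__main__":
    for flow, verdict in classify(OUTSIDE, INSIDE).items():
        print(flow, verdict)
```

A flow reported as "stopped at firewall" points at the ASA's logs for that client and time; "forwarded, no reply from server" moves the investigation to the TMG side.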