I have set up a capture on our ASA. We are trying to connect across a VPN tunnel with a certain app and it won't connect.
We can telnet and SSH to the device across the tunnel OK. It is just this one app that won't start.
I have a capture set up on the inside interface of our ASA and what I see are SYN packets leaving the device on our inside interface, and RST, ACK packets coming back from the device on the remote side of the tunnel.
The egress connection attempt from the device on the inside network tries the connection using a destination port of 4000. Does this mean that the device on the other end of the tunnel is not listening on port 4000?
Well, there is no remote ASA. On the remote end there is something called a digi box. It uses a wireless broadband card to connect to the Internet, and has Ethernet ports on the other side. I don't think there is any way to do a packet capture on the other end to answer your question.
If the firewall is forwarding the SYN and it's getting a reset there is nothing that you can do in the ASA. Can you take captures in the server with ethereal or wireshark to see if the packets are hitting the server?
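An added example, not part of the original thread: a small Python parser that pairs each outbound SYN in a capture with the reply that acknowledges it, so a port answered with RST, ACK (the reply a host gives when nothing is listening on that port, though a device in the path can also send it) stands apart from one that completes the handshake or gets no reply. It assumes tcpdump-style text lines; the addresses, ports and sequence numbers in the sample are constructed.

```python
import re

# Constructed sample capture lines (assumed tcpdump-style text layout).
SAMPLE = """\
1: 10:15:01.100000 10.10.1.25.51514 > 192.168.50.10.4000: S 1000:1000(0) win 8192 <mss 1460>
2: 10:15:01.300000 192.168.50.10.4000 > 10.10.1.25.51514: R 0:0(0) ack 1001 win 0
3: 10:15:02.100000 10.10.1.25.51515 > 192.168.50.10.22: S 2000:2000(0) win 8192 <mss 1460>
4: 10:15:02.300000 192.168.50.10.22 > 10.10.1.25.51515: S 9000:9000(0) ack 2001 win 5840 <mss 1380>
5: 10:15:03.100000 10.10.1.25.51516 > 192.168.50.10.4001: S 3000:3000(0) win 8192 <mss 1460>
"""

LINE = re.compile(
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"(?P<flags>[SFRP.]+) (?P<seq>\d+):\d+\(\d+\)(?: ack (?P<ack>\d+))?"
)

def classify(capture_text):
    """Map each flow (client, cport, server, sport) that sent a SYN to a verdict."""
    pending = {}   # flow -> initial sequence number carried by the client's SYN
    verdict = {}
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # pure ACKs, headers and non-TCP lines are ignored
        fwd = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        rev = (fwd[2], fwd[3], fwd[0], fwd[1])
        flags, ack = m["flags"], m["ack"]
        if "S" in flags and ack is None:
            # Bare SYN: remember its ISN; a retransmit must not erase a verdict.
            pending[fwd] = int(m["seq"])
            verdict.setdefault(fwd, "no-reply")
        elif rev in pending and ack is not None and int(ack) == pending[rev] + 1:
            # The reply acknowledges ISN+1, so it answers that exact SYN.
            if "R" in flags:
                verdict[rev] = "reset"      # actively refused (RST, ACK)
            elif "S" in flags:
                verdict[rev] = "accepted"   # SYN, ACK: something is listening
    return verdict

if __name__ == "__main__":
    for flow, result in classify(SAMPLE).items():
        print(f"{flow[0]}:{flow[1]} -> {flow[2]}:{flow[3]}  {result}")
```

A "reset" verdict for port 4000 next to an "accepted" one for port 22 on the same host shows the tunnel path works and points the investigation at the listener or a filter at the remote end.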
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...