Session resets on webserver connected to ASA 5515-X
Hi All, I have a firewall (Cisco ASA 5520) running, acting as Internet edge with interfaces going to DMZ, Internet and LAN. I have been able to copy/translate the config from the 5520 to 5515-X; LAN users can get to the internet, but sessions going from the LAN browser to the DMZ webserver get reset; also, access to the webserver isn't possible from the internet. Here is a capture of the activity done on the 5515-X box.
Does anyone have an idea why the reset is coming from the webserver? Because it appears that the 5515-X is passing traffic normally.
DMZ webserver public IP address: 184.108.40.206.80
The attached capture is a session from firewall showing sessions of my attempts trying to reach the webserver from the internet. Strangely, LAN users cannot reach the webserver from their web browser.
This way the capture could be opened with Wireshark for example for easier reading.
At a quick glance it would seem that the server resets the TCP connection, though at the start we can see that the TCP handshake goes through all the way.
The situation with the LAN users depends on a few things. As I already mentioned, I am not sure if the server is directly configured with the public IP address or if only NAT is performed on the ASA towards the external network?
If I were to presume that the server has a local/private IP address, then the question would be what IP address are the users using to attempt the connection? Or are they perhaps using a DNS name? If they are using a DNS name, what is the IP address they are getting in the DNS reply? If it's the local IP address then it should be enough that you allow traffic from LAN to the DMZ. If the returned IP address is the public NAT IP address then you would either have to configure the public NAT from DMZ towards LAN or perhaps do some DNS related modifications if you have a local DNS server (so it points the name to the local IP address).
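The observation in the reply above (the handshake completes, then a reset arrives from the server side) can be checked mechanically on the text form of a capture. This is an added example, not part of the original thread: the sample lines are constructed with documentation addresses, and the parser assumes the tcpdump-like layout that ASA `show capture` prints.

```python
import re

# Constructed sample in the tcpdump-like layout of ASA "show capture" output
# (documentation addresses; this is NOT the capture from the thread).
SAMPLE = """\
   1: 09:15:02.101 198.51.100.7.51514 > 192.0.2.10.80: S 1000:1000(0) win 8192 <mss 1460>
   2: 09:15:02.102 192.0.2.10.80 > 198.51.100.7.51514: S 5000:5000(0) ack 1001 win 8192 <mss 1380>
   3: 09:15:02.130 198.51.100.7.51514 > 192.0.2.10.80: . ack 5001 win 16445
   4: 09:15:02.131 198.51.100.7.51514 > 192.0.2.10.80: P 1001:1401(400) ack 5001 win 16445
   5: 09:15:02.133 192.0.2.10.80 > 198.51.100.7.51514: R 5001:5001(0) ack 1401 win 0
"""

# packet number, timestamp, "ip.port > ip.port:", TCP flags, remainder of the line
LINE = re.compile(r"^\s*\d+:\s+\S+\s+(\S+) > (\S+): (\S+)(.*)$")

def analyze(text):
    """Return one summary dict per TCP flow found in the capture text."""
    flows = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip non-packet lines such as "5 packets captured"
        src, dst, flags, rest = m.groups()
        has_ack = " ack " in rest
        f = flows.setdefault(frozenset((src, dst)), {
            "client": None, "server": None, "synack": False,
            "established": False, "rst_from": None, "rst_after_handshake": False})
        if "S" in flags and not has_ack:            # initial SYN names the client
            f["client"], f["server"] = src, dst
        elif "S" in flags and src == f["server"]:   # SYN/ACK from the server
            f["synack"] = True
        elif has_ack and f["synack"] and src == f["client"] and "R" not in flags:
            f["established"] = True                 # client ACK completes the handshake
        if "R" in flags and f["rst_from"] is None:  # record only the first reset
            f["rst_from"] = ("server" if src == f["server"]
                             else "client" if src == f["client"] else "unknown")
            f["rst_after_handshake"] = f["established"]
    return list(flows.values())

if __name__ == "__main__":
    for flow in analyze(SAMPLE):
        print(flow)
```

The result only says which address the reset was sourced from in that capture; capturing on the DMZ-facing interface as well confirms whether the server itself emitted it.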