11-28-2008 01:45 AM - edited 03-11-2019 07:19 AM
Hi, we have just installed an ASA 5505 firewall in production at the datacenter and since then we have been experiencing very strange behaviour in the network. The network details are as follows:
1) Inside 100 192.168.59.0/24 VLAN 100
2) DMZ 50 192.168.60.0/24 VLAN 200
3) Outside 0 1.1.1.1/2 VLAN 2
Our application servers are placed in the DMZ zone and the DB in the Inside zone; traffic between the Inside and DMZ zones is exempted and IP protocol is allowed. The main issue is that when I try to access any application from the outside network I receive a transport-level error. The developers have also checked the DB and app server and according to their review it is a connectivity issue which breaks intermittently. When I troubleshoot with ping, traceroute or review the FW logs, everything shows as working fine, and transport logs are also being generated on the DB server. When I moved the DB server into the DMZ zone, the application worked fine and no transport logs were created on the DB. Can anyone advise on that?
11-30-2008 11:40 PM
Hi,
try to use static mapping.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml
Hope this helps
12-01-2008 12:56 AM
Hi,
Kindly check the connection table output and ensure that the conn is being formed.
Check the DB server with the netstat -n command and see if there are any connections formed on the server for outside hosts.
Check the ACL on the outside interface and see if you are getting hit counts for the same.
Run the packet-tracer command and check where the traffic is being dropped.
If possible, kindly attach your config file for further analysis.
Regards
Mahesh
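The checks from the two replies above, written out as an added example (not output from the original poster or from Cisco). It assumes the addressing from the question, pre-8.3 ASA NAT syntax, and placeholder names: interfaces inside/dmz/outside, an outside ACL called outside_access_in, app server 192.168.60.10, DB server 192.168.59.10 on SQL Server port 1433, and an outside client 203.0.113.7.

```cisco
! Added example: walking through the checks from the replies on an ASA 8.0-era box.
! All host addresses, the ACL name and the DB port are assumptions, not from the thread.

! 1) Is the connection actually in the conn table, both legs?
!    outside -> app server (DMZ) and app server -> DB (inside)
show conn address 192.168.60.10
show conn address 192.168.59.10

! 2) Are the entries on the outside ACL getting hit counts while the app is being used?
show access-list outside_access_in

! 3) Trace both legs through NAT and ACL to see at which step a packet would be dropped.
!    Source ports are arbitrary ephemeral ports.
packet-tracer input outside tcp 203.0.113.7 40000 1.1.1.1 443 detailed
packet-tracer input dmz tcp 192.168.60.10 40001 192.168.59.10 1433 detailed

! 4) Show the NAT exemption / static mappings that apply between dmz and inside.
show nat
show run static

! 5) Identity static from inside to dmz, the "static mapping" approach the first reply points to,
!    so DMZ hosts reach the inside subnet without address translation (assumption: the
!    existing exemption is an "nat (inside) 0 access-list ..." rule).
static (inside,dmz) 192.168.59.0 192.168.59.0 netmask 255.255.255.0

! 6) On the DB server itself, confirm the app server's sockets are present:
!    netstat -n | findstr 192.168.60.10      (Windows)
!    netstat -n | grep 192.168.60.10         (Linux/Unix)
```

Compare the conn table (step 1) against what the DB server's netstat shows (step 6) during a failure: a flow present on one side but not the other points at where the intermittent break happens.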