11-18-2005 11:53 AM - edited 03-09-2019 01:05 PM
We have recently implemented an ASA5510 replacing our old PIX520. One of the offices here uses a Honeywell digital video recorder that they remotely access via Honeywell's RAS remote access software. Since putting in the ASA, they cannot connect to the HRDV. If I try an outside interface bypassing the ASA, everything works fine. Looking at a packet capture, the app uses port 44442 initially then negotiates other ports. When behind the ASA the port negotiation doesn't happen, it just continues to try the same port. I'm kinda confused because this traffic is initiated from the inside so it should come back through with no problem. Thanks all in advance.
11-19-2005 11:30 AM
After you replaced the PIX with the ASA, did that also change the OS on the ASA?
Maybe a needed fixup is disabled.
Thanks
Nadeem
11-21-2005 08:08 AM
I have not updated the OS on the ASA if that is what you mean. Hasn't fixup been replaced by inspection? Here's what the inspection portion of my config looks like:
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
Any help is greatly appreciated.
11-21-2005 10:52 AM
Update:
We are also experiencing an e-mail issue where the clients are getting multiple copies of a message (100+) so as a troubleshooting procedure I put the old PIX520 back in place. I tried the RAS connection and it worked fine. As far as I can see the firewall configs for both appliances look the same as to access lists/conduits etc. Could it be the IDS side of the ASA5510 that is causing the problems? I'm wondering if someone can look at the configs of both my PIX520 and ASA5510 and tell me the differences as far as traffic allowed etc. Thanks all.
11-22-2005 12:43 PM
Do you have an IDS module in that ASA? Try to disable the esmtp and smtp fixup and see if that makes any difference for the email issue. Also, for the other issue, try to disable the related fixup. Are there any logs available?