Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ASA5510 and Honeywell HRDV RAS

We have recently implemented an ASA5510 replacing our old PIX520. One of the offices here uses a Honeywell digital video recorder that they remotely access via Honeywell's RAS remote access software. Since putting it the ASA they cannot connect to the HRDV. If I try an outside interface bypassing the ASA, everything works fine. Looking at a packet capture, the app uses port 44442 initially then negotiates other ports. When behind the ASA the port negotiation doesn't happen, it just continues to try the same port. I'm kinda confused because this traffic is initiated from the inside so it should come back through with no problem. Thanks all in advance.

4 REPLIES
Cisco Employee

Re: ASA5510 and Honeywell HRDV RAS

after you replaced the pix with ASA, is that also changed the OS on the ASA?

may be a needed fixup is disabled.

thanks

Nadeem

New Member

Re: ASA5510 and Honeywell HRDV RAS

I have not updated the OS on the ASA if that is what you mean. Hasn't fixup been replaced by inspection? Here's what the inspection portion of my config looks like:

class-map inspection_default

match default-inspection-traffic

!

!

policy-map global_policy

class inspection_default

inspect dns maximum-length 512

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

Any help is greatly appreciated.

New Member

Re: ASA5510 and Honeywell HRDV RAS

Update:

We are also experiencing an e-mail issue where the clients are getting multiple copies of a message (100+) so as a troubleshooting procedure I put the old PIX520 back in place. I tried the RAS connection and it worked fine. As far as I can see the firewall configs for both appliances look the same as to access lists/conduits etc. Could it be the IDS side of the ASA5510 that is causing the problems? I'm wondering if someone can look at the configs of both my PIX520 and ASA5510 and tell me the differences as far as traffic allowed etc. Thanks all.

Cisco Employee

Re: ASA5510 and Honeywell HRDV RAS

Do you have IDS module in that ASA? Try to disable the esmtp and smtp fixup and see if that makes any difference for email issue. Also for the other issue try to disable the related fixup. are there any logs available?

262
Views
0
Helpful
4
Replies
CreatePlease to create content