Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco ASA-5505 denies reverse path check

Hi,

I aim trying to gain access to a file server on our network. Nobody is able to access it and only a reboot of the switch or restarting the filewall seems to cure it for a 5 minutes or so.  The blocking seems to be trigerd by someone form the outside trying to get access.

It apperas from looking at our firewall logs (Cisco ASA-5505) that it is  blocking access. I get his error in our logs:

1Aug 06 201310:25:12
192.168.100.209
192.168.200.2

Deny UDP reverse path check from 192.168.100.209 to 192.168.200.2 on interface Guest

And when I try Packet Tracer from a IP address in our network I get this:

blocked to file server.png

How can I allow acces to the file server ?

Thanks fo your help,

Dan

Everyone's tags (7)
8 REPLIES

Cisco ASA-5505 denies reverse path check

Hi Daniel,

You may have 'ip verify reverse-path' enabled on the interface. Disable for now and see if that works. If thats the case, make sure, you have proper routing /permissions in place. Check below for details on the command..

http://www.cisco.com/en/US/docs/security/asa/asa90/command/reference/i3.html#wp1915749

hth

MS

New Member

Cisco ASA-5505 denies reverse path check

Hi I tried the  no ip verify reverse-path interface interface_name   however access is still denied to the fileserver. I have checked the firewall for permissions and we have allowed access from  the internal interface  to the file share.

How should I proceed from here?

Thanks,

Dan

New Member

Cisco ASA-5505 denies reverse path check

Hi it seems that an ACL is dropping the packets from theis packet trace and using guest interface:

Cisco ASA-5505 denies reverse path check

Hello,

Pls post ASA configs.

Thx

MS

PS: Pls rate helpful posts.

New Member

Cisco ASA-5505 denies reverse path check

Hi, Im a bit worried about posting my ASA configs. Is there a way to get help without having to do that.

Sorry to be a pain.

Thanks,

Dan

New Member

Cisco ASA-5505 denies reverse path check

have you checked your nat config. What syslog shows?

CCNP, CCNA Security
New Member

Cisco ASA-5505 denies reverse path check

I will check that tmr at work.

Thanks for the help.

Dan

New Member

Cisco ASA-5505 denies reverse path check

We had to take it out of the VLAN it was in and put it on the same network to make it accessibale. Routing or the  Firewall was the problem.

We have a quick fix for the time being.

Thanks guys for your help.

Dan

2922
Views
0
Helpful
8
Replies