ASA5505 VPN Random Destination port and Implicit Rule

biggav123
Level 1

Hi,

I have looked around to see if I can find any info on this but so far have been unsuccessful. If you can point me in the right direction please do.

I have an ASA5505 that I am setting up behind another firewall. The external firewall has all ports forwarded to the ASA, which is fine as I can see the traffic getting to the ASA in the log. However, when the traffic tries to return to its destination the ASA assigns a random port number. For example, for VPN the source port is 443, but when the ASA tries to go back to the public IP address it is using port 52857, which is obviously blocked on the external firewall. The Packet Tracer also says the traffic is blocked by an implicit rule on the ASA which denies all IP traffic; however, I can't delete this rule, and as a test I have created another rule allowing all IP traffic.

If someone could please point me in the right direction that would be fantastic.

Thank you.

2 Replies

Patrick0711
Level 3

Check for static port redirection or PAT via a global/nat configuration
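As an added illustration of the static port redirection (static PAT) the reply above refers to, here is a minimal ASA configuration that forwards TCP/443 arriving on the outside interface to an inside host and permits only that port inbound. This is example configuration written for this thread, not the original poster's config; the interface names, VLANs, addresses (192.168.10.0/24 inside, 172.16.0.0/24 between the two firewalls, server 192.168.10.20) and the object name web-server are assumed placeholders. Note that a default route toward the external firewall is part of the setup: without a next hop on the outside interface, reply packets (source port 443, destination the client's ephemeral port) cannot be routed back.

```cisco
! Added example (not from the thread). Assumed topology: the external
! firewall at 172.16.0.1 forwards TCP/443 to the ASA outside address
! 172.16.0.2; the real server sits on the inside network. ASA 8.3+ syntax.
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 172.16.0.2 255.255.255.0
!
! Default route back toward the external firewall so that return traffic
! (src port 443, dst = client's ephemeral port) has a next hop on outside.
route outside 0.0.0.0 0.0.0.0 172.16.0.1 1
!
! Static PAT (object NAT): outside-interface:443 -> 192.168.10.20:443.
! Only port 443 is translated; no other inbound port reaches the server.
object network web-server
 host 192.168.10.20
 nat (inside,outside) static interface service tcp 443 443
!
! Permit only TCP/443 to the server. On 8.3+ the ACL references the real
! (untranslated) address. Everything else is still dropped by the implicit
! deny at the end of the ACL, so no permit-ip-any-any test rule is needed.
access-list outside_access_in extended permit tcp any object web-server eq 443
access-group outside_access_in in interface outside
```

On pre-8.3 software the equivalent is `static (inside,outside) tcp interface 443 192.168.10.20 443 netmask 255.255.255.255`, and the ACL then references the translated address (`permit tcp any interface outside eq 443`). To confirm the flow, run `packet-tracer input outside tcp 203.0.113.5 52857 172.16.0.2 443` (constructed client address and ephemeral port) and check that every phase, including the NAT and ACCESS-LIST phases, reports ALLOW; `show nat` and `show xlate` show the translation once traffic has passed. The ephemeral destination port seen on reply packets is the client's own source port and is expected; the external firewall only needs to permit established return traffic for the forwarded connection, not arbitrary inbound ports.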

Thanks for your help. I think I have the ports etc all setup now. I think I may have a physical setup issue now.

I have the ASA connected to our internal network on a port on the inside interface. The external firewall is forwarding traffic to it, but I'm now receiving the following message: Routing failed to locate next hop for TCP from inside:x.x.x.x/443 to inside:external IP address/port number.
