Cisco ASA issue

mirza.alibasic · ‎11-25-2010

Hello all,

Federico Coto Fajardo · ‎11-25-2010

Hi,

To allow certain ports from one interface to another you need to check that those ports are allowed on the ACL applied on the ASA.

If you're able to PING there's connectivity.. just check the ACL.

Also, if the traffic is through the VPN, normally all IP traffic is permitted (no ports filtered).

If you want to run a test you can use Packet-Tracer to simulate the connection on those ports and have the ASA respond if the connection should be allowed or denied by any reason.

Federico.

mirza.alibasic · ‎11-25-2010

Hi thank you for the answer,

There is no ACL which may block this also packet tracer show that everything is OK.

Traffic is through the VPN and yes all IP traffic is permitted.

Federico Coto Fajardo · ‎11-25-2010

Ok, the communication is from an IP in the inside of this ASA through the tunnel to reach an inside device on the other end?

What are the src/dst IPs?

Federico.

mirza.alibasic · ‎11-25-2010

...

Federico Coto Fajardo · ‎11-25-2010

Ok, the configuration seems fine and should allow communication over those ports to the remote server.

As packet-tracer indicates the packets should be allowed.

Question...

Can you check that the connection on those ports are reaching the server itself?

Check on the server if it's receiving packets on those ports, perhaps is just the application not working properly...

Federico.

mirza.alibasic · ‎11-25-2010

Hi,

many thanks for helping me....

mirza.alibasic · ‎11-26-2010

I found this in my logs?