Cisco Support Community

Polycom behind ASA

Hi, I want to put a Polycom behind the ASA5505. The ASA is connected to the internet by an ADSL link and is connected to the LAN by a router gateway.

The router gateway has the IP 10.10.244.253 255.255.252.0

The ASA inside interface has the IP 10.10.244.252 255.255.252.0

The Polycom has the IP 10.10.244.51 255.255.252.0

The ASA has the default route to the ADSL-LINK and has a static route to the LAN pointed to the router gateway.

The Polycom gateway is the ASA, 10.10.244.252. So when the Polycom needs to connect with a device on the internet it goes by ADSL-INTERNET, and when it needs to connect it goes by the LAN's router gateway.

But I get this error: when I try to connect with a device in the LAN, ICMP works but TCP and UDP connections do not.

__________________________________________

%ASA-6-106015: Deny TCP (no connection) from 201.155.93.3/62596 to 187.133.33.210/61115 flags RST ACK on interface outside

%ASA-6-106015: Deny TCP (no connection) from 201.155.93.3/1720 to 187.133.33.210/61114 flags RST ACK on interface outside

%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/61111 to 10.10.237.150/1720 flags RST on interface inside

%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/1720 to 10.10.237.150/1027 flags SYN ACK on interface inside

%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/61112 to 10.10.237.150/1720 flags RST on interface inside

%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/1720 to 10.10.237.150/1027 flags SYN ACK on interface inside

%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/1720 to 10.10.237.150/1027 flags SYN ACK on interface inside

%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/1720 to 10.10.237.150/1027 flags SYN ACK on interface inside

%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/1720 to 10.10.237.150/1027 flags SYN ACK on interface inside

%ASA-6-302015: Built outbound UDP connection 660 for inside:10.10.237.150/33434 (10.10.237.150/33434) to NP Identity Ifc:10.10.244.252/49158 (10.10.244.252/49158)

________________________________________

Do you know how I can fix it?

Thanks.
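The following is an added example, not part of the original post or of any Cisco tooling: a small Python triage of the %ASA-6-106015 messages quoted above. Syslog 106015 means the ASA dropped a TCP packet for which it holds no connection entry, so a denied SYN ACK indicates the ASA did not see (or did not permit) the opening SYN of that flow. The function names and the sample selection are assumptions made for the illustration.

```python
import re
from collections import Counter

# Sample input: a subset of the syslog lines quoted in the post above.
SAMPLE = """\
%ASA-6-106015: Deny TCP (no connection) from 201.155.93.3/1720 to 187.133.33.210/61114 flags RST ACK on interface outside
%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/61111 to 10.10.237.150/1720 flags RST on interface inside
%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/1720 to 10.10.237.150/1027 flags SYN ACK on interface inside
%ASA-6-106015: Deny TCP (no connection) from 10.10.244.51/1720 to 10.10.237.150/1027 flags SYN ACK on interface inside
%ASA-6-302015: Built outbound UDP connection 660 for inside:10.10.237.150/33434 (10.10.237.150/33434) to NP Identity Ifc:10.10.244.252/49158 (10.10.244.252/49158)
"""

PAT = re.compile(
    r"%ASA-6-106015: Deny TCP \(no connection\) from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"flags (?P<flags>[A-Z ]+?) on interface (?P<ifc>\S+)"
)

def parse_106015(text):
    """Return one dict per 106015 message; other syslog IDs are skipped."""
    events = []
    for line in text.splitlines():
        m = PAT.search(line)
        if not m:
            continue
        e = m.groupdict()
        e["sport"], e["dport"] = int(e["sport"]), int(e["dport"])
        e["flags"] = tuple(e["flags"].split())
        events.append(e)
    return events

def orphan_synacks(events):
    """Count denied SYN ACKs per flow: replies to a SYN the ASA has no record of."""
    counts = Counter()
    for e in events:
        if e["flags"] == ("SYN", "ACK"):
            counts[(e["ifc"], e["src"], e["sport"], e["dst"], e["dport"])] += 1
    return counts

if __name__ == "__main__":
    for flow, n in orphan_synacks(parse_106015(SAMPLE)).items():
        ifc, src, sport, dst, dport = flow
        print(f"{n}x SYN ACK with no connection on {ifc}: "
              f"{src}:{sport} -> {dst}:{dport}")
```

Flows reported here are the ones to compare against a packet capture on the same interface, to see whether the matching SYN ever crossed the ASA.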

3 REPLIES

Re: Polycom behind ASA

Hi,

Can you paste the config along with the ACLs you have?

Thanks,

Vlad

Re: Polycom behind ASA

This is my configuration.


Re: Polycom behind ASA

1st

Have you tried both the ACLs:

access-list inside-access-list extended permit ip any any

access-list outside-access-list permit ip any any

access-list outside-access-list permit tcp any any

access-list outside-access-list permit udp any any

Second, did you try a capture on the inside of the ASA?

capture polycom int inside

Can you post the capture output?

Try the NAT 0 for the return traffic as well:

access-list nonat extended permit ip 10.0.0.0 255.0.0.0 10.10.244.0 255.255.255.0

3rd:

Is everything else working?

Regards,

Vlad
