Cisco Remote Access VPN dropping certain traffic

Discussion in 'Cisco' started by srini74_ks, Aug 16, 2007.

    Hello Experts,

    I am Srinivasan, residing in India. I need your guidance on solving an issue that I am facing.

    We have a Cisco 5510 7.0(5), and remote access VPN is configured with RADIUS authentication. I am sure that the NAT exempt rules are there for VPN traffic.

    We are able to connect to the Cisco ASA using the VPN client, but we are unable to establish an SSH connection with some of the Linux servers we have. We are receiving the following error messages on the Cisco ASA box.

    6|Aug 16 2007 22:32:38|106015: Deny TCP (no connection) from 10.12.1.138/22 to 10.12.1.83/1173 flags SYN ACK on interface Outside
    6|Aug 16 2007 22:32:38|106015: Deny TCP (no connection) from 10.12.1.138/22 to 10.12.1.83/1173 flags SYN ACK on interface Outside
    6|Aug 16 2007 22:32:32|106015: Deny TCP (no connection) from 10.12.1.138/22 to 10.12.1.83/1173 flags SYN ACK on interface Outside
    6|Aug 16 2007 22:32:32|106015: Deny TCP (no connection) from 10.12.1.138/22 to 10.12.1.83/1173 flags SYN ACK on interface Outside
    6|Aug 16 2007 22:32:29|106015: Deny TCP (no connection) from 10.12.1.138/22 to 10.12.1.83/1173 flags SYN ACK on interface Outside
    6|Aug 16 2007 22:32:29|302013: Built inbound TCP connection 6706 for Outside:10.12.1.83/1173 (10.12.1.83/1173) to Inside:10.12.1.138/22 (10.12.1.138/22) (srinivasan)
    6|Aug 16 2007 22:30:37|302015: Built inbound UDP connection 6705 for Outside:10.12.1.83/138 (10.12.1.83/138) to NP Identity Ifc:10.12.255.255/138 (10.12.255.255/138) (srinivasan)
    6|Aug 16 2007 22:30:35|302016: Teardown UDP connection 6703 for Outside:10.12.1.83/1026 to Inside:10.12.2.5/53 duration 0:02:01 bytes 31 (srinivasan)
    6|Aug 16 2007 22:30:34|302016: Teardown UDP connection 6701 for Outside:10.12.1.83/1026 to Inside:10.12.0.7/53 duration 0:02:01 bytes 31 (srinivasan)
    6|Aug 16 2007 22:28:34|302016: Teardown UDP connection 6704 for Outside:10.12.2.5/53 to Outside:10.12.1.83/1026 duration 0:00:00 bytes 0
    6|Aug 16 2007 22:28:33|302015: Built inbound UDP connection 6704 for Outside:10.12.2.5/53 (10.12.2.5/53) to Outside:10.12.1.83/1026 (10.12.1.83/1026)
    6|Aug 16 2007 22:28:33|302015: Built inbound UDP connection 6703 for Outside:10.12.1.83/1026 (10.12.1.83/1026) to Inside:10.12.2.5

    The ACK packets sent by the Linux server are blocked by the Cisco ASA for no reason.

    Any help is appreciated.

    Thanks,
    Srinivasan
     
    srini74_ks, Aug 16, 2007
    #1
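An added example, not part of the original post and not Cisco code: a Python correlation of the 106015 denies in the posted log with the 302013 "Built" entry they answer, comparing the interface the connection was built toward with the interface the reply was seen on. The function name, regexes and result keys are assumptions of this example; the sample lines are copied from the post.

```python
import re
from collections import Counter

# ASA log lines copied from the post above (newest first, as posted).
SAMPLE = """\
6|Aug 16 2007 22:32:38|106015: Deny TCP (no connection) from 10.12.1.138/22 to 10.12.1.83/1173 flags SYN ACK on interface Outside
6|Aug 16 2007 22:32:38|106015: Deny TCP (no connection) from 10.12.1.138/22 to 10.12.1.83/1173 flags SYN ACK on interface Outside
6|Aug 16 2007 22:32:32|106015: Deny TCP (no connection) from 10.12.1.138/22 to 10.12.1.83/1173 flags SYN ACK on interface Outside
6|Aug 16 2007 22:32:32|106015: Deny TCP (no connection) from 10.12.1.138/22 to 10.12.1.83/1173 flags SYN ACK on interface Outside
6|Aug 16 2007 22:32:29|106015: Deny TCP (no connection) from 10.12.1.138/22 to 10.12.1.83/1173 flags SYN ACK on interface Outside
6|Aug 16 2007 22:32:29|302013: Built inbound TCP connection 6706 for Outside:10.12.1.83/1173 (10.12.1.83/1173) to Inside:10.12.1.138/22 (10.12.1.138/22) (srinivasan)
6|Aug 16 2007 22:30:35|302016: Teardown UDP connection 6703 for Outside:10.12.1.83/1026 to Inside:10.12.2.5/53 duration 0:02:01 bytes 31 (srinivasan)
"""

BUILT = re.compile(r"302013: Built \w+ TCP connection (\d+) for "
                   r"([^\s:]+):([\d.]+)/(\d+) \([^)]*\) to ([^\s:]+):([\d.]+)/(\d+)")
DENY = re.compile(r"106015: Deny TCP \(no connection\) from ([\d.]+)/(\d+) "
                  r"to ([\d.]+)/(\d+) flags (.+?) on interface (\S+)")

def find_denied_replies(log_text):
    """Pair each 106015 deny with the 302013 connection it is a reply to."""
    built, denies = {}, Counter()
    # Collect everything first: the log may be newest-first, so a deny can
    # appear above the "Built" line for the connection it belongs to.
    for line in log_text.splitlines():
        if m := BUILT.search(line):
            cid, c_if, c_ip, c_port, s_if, s_ip, s_port = m.groups()
            built[(c_ip, c_port, s_ip, s_port)] = (cid, s_if)
        elif m := DENY.search(line):
            denies[m.groups()] += 1
    findings = []
    for (src, sport, dst, dport, flags, seen_if), count in denies.items():
        conn = built.get((dst, dport, src, sport))  # reversed tuple = reply direction
        if conn is None:
            continue  # no matching "Built" entry in this capture
        cid, expected_if = conn
        findings.append({"conn_id": cid, "server": f"{src}/{sport}", "flags": flags,
                         "expected_if": expected_if, "seen_if": seen_if,
                         "wrong_interface": seen_if != expected_if, "denies": count})
    return findings

if __name__ == "__main__":
    for finding in find_denied_replies(SAMPLE):
        print(finding)
```

On the posted lines this reports connection 6706 as built toward Inside while the server's SYN ACK was logged on Outside.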