Hi Tem,
I have a bit of a strange issue here, well, strange to me. Below is the given information, the issue description, and a list of what has been done so far to resolve the issue, but it is still unresolved.
GIVEN:
=======
DMZ: 10.0.0.0/24, Gateway for DMZ: 10.0.0.3 (firewall interface in DMZ)
Inside Network (VLAN-A): 10.10.10.0/24
Inside Network (VLAN-B): 192.168.30.0/24 (destination server: 192.168.30.22)
These are VLANs on a Cisco 3750 connected to the inside interface of the ASA. All inter-VLAN traffic OK, no ACLs on the 3750 switch, routing OK.
*** ASA has been in place for a long time and all the ACLs work fine and there is no problem with whatever rules are put ***
ISSUE:
=====
A VM server (10.0.0.18) from the DMZ cannot access server 192.168.30.22 on TCP ports 445 and 139.
ACL rule is first allowing Server 10.0.0.18 and is applied correctly on DMZ interface
LIST of STEPS AND CHECKED
=======================
Any Server from 10.10.10.x can connect to target server at these ports if allowed
DMZ servers can access servers on 10.10.10.x subnets on allowed ports
ping and trace routes from DMZ subnets work ok for VLAN 192.168.30.1 gateway but do not make it to target Server
ASA itself can ping and trace route to target Server 192.168.30.22
Routing in the ASA is ok and routes the packets correctly
When debugs were run, the following messages were obtained that only indicate the handshake could not be completed, but why? No idea from the syslogs.
SYSLOGS:
=========
30213:Built inbound TCP connection 2338689 for dmz:10.0.0.18/3083 to inside:192.168.30.22/445
30214:Teardown TCP connection 2338689 for dmz:10.0.0.18/3083 to inside:192.168.30.22/445 0:00:30 bytes 0 SYN Timeoutes
As described above, there are no issues on the destination server, as it responds on the same ports from the other VLAN through the ASA.
To eliminate any possible issues with VM machines, the same thing was tested from a physical server from the DMZ, but same issue :(
All DMZ servers can access 10.10.10.x servers without any issues.
Any help will be greatly appreciated.
Thanks,
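
The Built/Teardown pair quoted in the post, read programmatically, as an added example that is not part of the original post: it pairs the two messages by connection ID and reports flows the ASA permitted and created but tore down with zero bytes and a SYN Timeout reason. The function name is hypothetical, the last two sample lines are constructed for contrast, and the patterns assume the abbreviated line format shown in the post (they also tolerate the optional mapped-address and "duration" fields of full ASA messages).

```python
import re
from collections import defaultdict

# Sample: the first two lines are the ones quoted in the post; the last two
# are constructed here for contrast (a flow that completed and closed normally).
SAMPLE = """\
30213:Built inbound TCP connection 2338689 for dmz:10.0.0.18/3083 to inside:192.168.30.22/445
30214:Teardown TCP connection 2338689 for dmz:10.0.0.18/3083 to inside:192.168.30.22/445 0:00:30 bytes 0 SYN Timeoutes
30213:Built inbound TCP connection 2338700 for dmz:10.0.0.18/3090 to inside:10.10.10.5/445
30214:Teardown TCP connection 2338700 for dmz:10.0.0.18/3090 to inside:10.10.10.5/445 0:00:12 bytes 4210 TCP FINs
"""

# "for <if>:<ip>/<port> to <if>:<ip>/<port>", each optionally followed by a
# parenthesised mapped address as in full ASA messages.
ENDPOINTS = (r"for ([\w-]+):([\d.]+)/(\d+)(?: \([^)]*\))?"
             r" to ([\w-]+):([\d.]+)/(\d+)(?: \([^)]*\))?")
BUILT = re.compile(r"Built \w+ TCP connection (\d+) " + ENDPOINTS)
TEARDOWN = re.compile(r"Teardown TCP connection (\d+) " + ENDPOINTS +
                      r" (?:duration )?(\d+:\d\d:\d\d) bytes (\d+) (.+)$")

def failed_handshakes(log_text):
    """Count flows per (src_ip, dst_ip, dst_port) that were built by the ASA
    (so the interface ACL permitted the SYN) and then torn down with 0 bytes
    and a SYN Timeout reason (the handshake never completed through the ASA)."""
    built = set()
    failures = defaultdict(int)
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if m:
            built.add(m.group(1))
            continue
        m = TEARDOWN.search(line)
        if not m:
            continue
        conn_id, _sif, src, _sport, _dif, dst, dport, _dur, nbytes, reason = m.groups()
        # startswith() also accepts the "SYN Timeoutes" spelling in the post.
        if conn_id in built and int(nbytes) == 0 and reason.startswith("SYN Timeout"):
            failures[(src, dst, int(dport))] += 1
    return dict(failures)

if __name__ == "__main__":
    for (src, dst, dport), n in failed_handshakes(SAMPLE).items():
        print(f"{src} -> {dst}:{dport}: {n} connection(s) built, no handshake completed")
```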