[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Networker 7.4.2 through a Cisco ASA5510

Posted on 2009-07-05
2
Medium Priority
?
440 Views
Last Modified: 2012-05-07
We have an ASA5510 that seperates 2 environments. The Client that we are trying to backup is in a DMZ. The Backup server sits in the Inside trusted network.
When we initiate the backups they do not complete and there are constant denies seen on the Firewall:
%ASA-6-106015: Deny TCP (no connection) from ausbps-meap02/2066 to ausbps-backup01/9544 flags RST on interface DMZ

We have open TCP rules between these 2 servers as seen in the config snipits seen below.
Are there any reasons that the backup client will send TCP FIN message within such a short period of time?
Firewall config:
interface Ethernet0/2.10
 vlan 10
 nameif DMZ#1
 security-level 50
 ip address 172.20.228.1 255.255.255.240 
!
 
interface Ethernet0/0
 nameif EPN-INSIDE
 security-level 100
 ip address 172.20.227.10 255.255.255.0 
!
!
name 172.20.228.5 ausbps-meap02
name 172.21.223.20 Hobbit-Monitor
name 172.20.223.11 ausbps-backup02 description EPN Backup Server
name 172.21.223.11 ausbps-backup01 description EPN Backup Server
 
object-group network BPS-EPN-Backup-Servers
 network-object host ausbps-backup02
 network-object host ausbps-backup01
!
object-group network BPS-EPN-Shared-Services
 network-object 172.20.223.0 255.255.255.224
 network-object 172.21.223.0 255.255.255.224
!
object-group network BPS-EPN-Management-and-Backup
 network-object host ausbps-backup02
 network-object host ausbps-backup01
 network-object host Hobbit-Monitor
!
 
 
access-list  DMZ#1_access_in extended permit tcp host ausbps-meap02 object-group BPS-EPN-Backup-Servers 
access-group  DMZ#1_access_in in interface SAI-DMZ
!
 
access-list EPN-INSIDE_access_in extended permit tcp object-group BPS-EPN-Management-and-Backup 172.20.228.0 255.255.255.240 
access-group EPN-INSIDE_access_in in interface EPN-INSIDE
!
 
 
access-list EPN-INSIDE_nat0_outbound extended permit ip object-group BPS-EPN-Shared-Services 172.20.228.0 255.255.255.240
nat (EPN-INSIDE) 0 access-list EPN-INSIDE_nat0_outbound
!

Open in new window

0
Comment
Question by:daveyp32
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 30

Accepted Solution

by:
Duncan Meyers earned 1500 total points
ID: 24782064
Refer to  esg75228 at http://powerlink.emc.com for more information about how to modify the ports that Networker uses.

It's been a while since I had to make sense of Cisco configs - but that config looks like it permits TCP but not UDP. Networker uses both. But as I say, it's been a while and I've probably missed something in the config...
0
 

Author Closing Comment

by:daveyp32
ID: 31628661
No real answer has been found to this question.
We are waiting feed back from the supplier
0

Featured Post

Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Your data is at risk. Probably more today that at any other time in history. There are simply more people with more access to the Web with bad intentions.
Make the most of your online learning experience.
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question