Solved

Networker 7.4.2 through a Cisco ASA5510

Posted on 2009-07-05
Last Modified: 2012-05-07
We have an ASA5510 that separates 2 environments. The client that we are trying to back up is in a DMZ. The backup server sits in the inside trusted network.
When we initiate the backups they do not complete, and there are constant denies seen on the firewall:
%ASA-6-106015: Deny TCP (no connection) from ausbps-meap02/2066 to ausbps-backup01/9544 flags RST on interface DMZ

We have open TCP rules between these 2 servers, as seen in the config snippets below.
Are there any reasons that the backup client will send a TCP FIN message within such a short period of time?
Firewall config:
interface Ethernet0/2.10
 vlan 10
 nameif DMZ#1
 security-level 50
 ip address 172.20.228.1 255.255.255.240 
!
 
interface Ethernet0/0
 nameif EPN-INSIDE
 security-level 100
 ip address 172.20.227.10 255.255.255.0 
!
!
name 172.20.228.5 ausbps-meap02
name 172.21.223.20 Hobbit-Monitor
name 172.20.223.11 ausbps-backup02 description EPN Backup Server
name 172.21.223.11 ausbps-backup01 description EPN Backup Server
 
object-group network BPS-EPN-Backup-Servers
 network-object host ausbps-backup02
 network-object host ausbps-backup01
!
object-group network BPS-EPN-Shared-Services
 network-object 172.20.223.0 255.255.255.224
 network-object 172.21.223.0 255.255.255.224
!
object-group network BPS-EPN-Management-and-Backup
 network-object host ausbps-backup02
 network-object host ausbps-backup01
 network-object host Hobbit-Monitor
!
 
 
access-list  DMZ#1_access_in extended permit tcp host ausbps-meap02 object-group BPS-EPN-Backup-Servers 
access-group  DMZ#1_access_in in interface SAI-DMZ
!
 
access-list EPN-INSIDE_access_in extended permit tcp object-group BPS-EPN-Management-and-Backup 172.20.228.0 255.255.255.240 
access-group EPN-INSIDE_access_in in interface EPN-INSIDE
!
 
 
access-list EPN-INSIDE_nat0_outbound extended permit ip object-group BPS-EPN-Shared-Services 172.20.228.0 255.255.255.240
nat (EPN-INSIDE) 0 access-list EPN-INSIDE_nat0_outbound
!

Question by:daveyp32
2 Comments
Accepted Solution

by:
Duncan Meyers earned 1500 total points
ID: 24782064
Refer to esg75228 at http://powerlink.emc.com for more information about how to modify the ports that Networker uses.

It's been a while since I had to make sense of Cisco configs - but that config looks like it permits TCP but not UDP. Networker uses both. But as I say, it's been a while and I've probably missed something in the config...
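The point raised in the accepted answer (the ACLs permit TCP only, while the answer states that Networker uses both TCP and UDP) can be checked mechanically. The following is an added example, not part of the original thread: it reads the access-list and access-group lines from the question and reports, per interface, which required protocols have no permit entry. The function names and the `required` default are assumptions made for this example.

```python
import re

# ACL, access-group and nat lines copied from the config in the question.
CONFIG = """\
access-list  DMZ#1_access_in extended permit tcp host ausbps-meap02 object-group BPS-EPN-Backup-Servers
access-group  DMZ#1_access_in in interface SAI-DMZ
access-list EPN-INSIDE_access_in extended permit tcp object-group BPS-EPN-Management-and-Backup 172.20.228.0 255.255.255.240
access-group EPN-INSIDE_access_in in interface EPN-INSIDE
access-list EPN-INSIDE_nat0_outbound extended permit ip object-group BPS-EPN-Shared-Services 172.20.228.0 255.255.255.240
nat (EPN-INSIDE) 0 access-list EPN-INSIDE_nat0_outbound
"""

# Assumption: each permit entry names its protocol directly (tcp, udp, ip, ...),
# as in the question's config; protocol object-groups are not resolved here.
ACE = re.compile(r"^access-list\s+(\S+)\s+extended\s+permit\s+(\S+)", re.M)
BIND = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)", re.M)

def permitted_protocols(config):
    """Map each ACL name to the set of protocol keywords it permits."""
    acls = {}
    for name, proto in ACE.findall(config):
        acls.setdefault(name, set()).add(proto.lower())
    return acls

def interface_gaps(config, required=("tcp", "udp")):
    """For every ACL bound inbound to an interface, list the required
    protocols that no permit entry covers ('ip' covers all of them)."""
    acls = permitted_protocols(config)
    gaps = {}
    for name, interface in BIND.findall(config):
        allowed = acls.get(name, set())
        missing = [] if "ip" in allowed else [p for p in required if p not in allowed]
        gaps[interface] = {"acl": name, "missing": missing}
    return gaps

if __name__ == "__main__":
    for interface, info in interface_gaps(CONFIG).items():
        status = ", ".join(info["missing"]) or "none"
        print(f"{interface}: ACL {info['acl']} has no permit for: {status}")
```

The NAT exemption ACL permits ip but is not bound with access-group, so it is deliberately left out of the per-interface result.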
 

Author Closing Comment

by:daveyp32
ID: 31628661
No real answer has been found to this question.
We are waiting for feedback from the supplier.
Question has a verified solution.