Solved

Networker 7.4.2 through a Cisco ASA5510

Posted on 2009-07-05
Last Modified: 2012-05-07
We have an ASA5510 that separates 2 environments. The Client that we are trying to back up is in a DMZ. The Backup server sits in the Inside trusted network.
When we initiate the backups they do not complete and there are constant denies seen on the Firewall:
%ASA-6-106015: Deny TCP (no connection) from ausbps-meap02/2066 to ausbps-backup01/9544 flags RST on interface DMZ

We have open TCP rules between these 2 servers, as seen in the config snippets below.
Are there any reasons that the backup client will send a TCP FIN message within such a short period of time?
Firewall config:

interface Ethernet0/2.10
 vlan 10
 nameif DMZ#1
 security-level 50
 ip address 172.20.228.1 255.255.255.240
!
interface Ethernet0/0
 nameif EPN-INSIDE
 security-level 100
 ip address 172.20.227.10 255.255.255.0
!
!
name 172.20.228.5 ausbps-meap02
name 172.21.223.20 Hobbit-Monitor
name 172.20.223.11 ausbps-backup02 description EPN Backup Server
name 172.21.223.11 ausbps-backup01 description EPN Backup Server
!
object-group network BPS-EPN-Backup-Servers
 network-object host ausbps-backup02
 network-object host ausbps-backup01
!
object-group network BPS-EPN-Shared-Services
 network-object 172.20.223.0 255.255.255.224
 network-object 172.21.223.0 255.255.255.224
!
object-group network BPS-EPN-Management-and-Backup
 network-object host ausbps-backup02
 network-object host ausbps-backup01
 network-object host Hobbit-Monitor
!
access-list DMZ#1_access_in extended permit tcp host ausbps-meap02 object-group BPS-EPN-Backup-Servers
access-group DMZ#1_access_in in interface SAI-DMZ
!
access-list EPN-INSIDE_access_in extended permit tcp object-group BPS-EPN-Management-and-Backup 172.20.228.0 255.255.255.240
access-group EPN-INSIDE_access_in in interface EPN-INSIDE
!
access-list EPN-INSIDE_nat0_outbound extended permit ip object-group BPS-EPN-Shared-Services 172.20.228.0 255.255.255.240
nat (EPN-INSIDE) 0 access-list EPN-INSIDE_nat0_outbound
!
Question by:daveyp32
2 Comments

Accepted Solution

by:
Duncan Meyers earned 500 total points
ID: 24782064
Refer to esg75228 at http://powerlink.emc.com for more information about how to modify the ports that Networker uses.

It's been a while since I had to make sense of Cisco configs - but that config looks like it permits TCP but not UDP. Networker uses both. But as I say, it's been a while and I've probably missed something in the config...
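
The observation in the answer above (TCP permitted, UDP not) can be checked mechanically against the ACL lines posted in the question. The following is an added example, not part of the original thread: the function name `audit` and its report fields are assumptions for illustration, and the embedded config is an excerpt of the posted one. It also reports whether each access-group is bound to an interface name that a `nameif` line in the excerpt defines.

```python
import re

# Excerpt of the configuration posted in the question (blank lines removed).
CONFIG = """\
interface Ethernet0/2.10
 vlan 10
 nameif DMZ#1
 security-level 50
interface Ethernet0/0
 nameif EPN-INSIDE
 security-level 100
access-list DMZ#1_access_in extended permit tcp host ausbps-meap02 object-group BPS-EPN-Backup-Servers
access-group DMZ#1_access_in in interface SAI-DMZ
access-list EPN-INSIDE_access_in extended permit tcp object-group BPS-EPN-Management-and-Backup 172.20.228.0 255.255.255.240
access-group EPN-INSIDE_access_in in interface EPN-INSIDE
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+extended\s+(permit|deny)\s+(\S+)")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)")
NAMEIF_RE = re.compile(r"^\s*nameif\s+(\S+)")


def audit(config):
    """Summarise, per ACL, the permitted protocols and the interface binding.

    Hypothetical helper: protocol object-groups are not resolved, only a
    literal protocol keyword after permit/deny is inspected.
    """
    nameifs, permits, bindings = set(), {}, {}
    for line in config.splitlines():
        if m := NAMEIF_RE.match(line):
            nameifs.add(m.group(1))
        elif m := ACL_RE.match(line):
            if m.group(2) == "permit":
                permits.setdefault(m.group(1), set()).add(m.group(3))
        elif m := GROUP_RE.match(line):
            bindings[m.group(1)] = m.group(2)
    report = {}
    for acl, protos in permits.items():
        iface = bindings.get(acl)
        report[acl] = {
            "interface": iface,
            "interface_defined": iface in nameifs,
            # "permit ip" covers both TCP and UDP.
            "permits_tcp": bool(protos & {"tcp", "ip"}),
            "permits_udp": bool(protos & {"udp", "ip"}),
        }
    return report


if __name__ == "__main__":
    for acl, result in audit(CONFIG).items():
        print(acl, result)
```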

Author Closing Comment

by:daveyp32
ID: 31628661
No real answer has been found to this question.
We are waiting for feedback from the supplier.