Solved

ASA 5505 with ASDM

Posted on 2012-03-26
4
1,029 Views
Last Modified: 2012-06-27
Hi Experts,

I have a computer in DMZ interface that needs to join domain where is in inside.
All necessary ports are open.
When I try, I got the following error

"Deny TCP(no connection) from x.x.x.x /58923 to y.y.y.y/139  flags RST on interface DMZ"

I googled it and found below solution

"check your config for 'sysopt connection timewait'. If not, try adding it. Some software wants to do a two-way hangup at the end of a connection, and this option keeps connections open until both sides ack the closing."

Is this right one? If so, i just type 'sysopt connection timewait' in command line interface, right? or something else needs to be done.

This issue need to be resolved pretty sooon. Please help!!!!

Thanks in advance..
0
Comment
Question by:Ksean
  • 2
  • 2
4 Comments
 
LVL 10

Expert Comment

by:pclinuxguru
ID: 37766530
can you ping your domain controller from the computer in the DMZ and can you ping the computer from the domain controller?

Reason I ask is generally stuff in the DMZ can't talk to stuff on the inside. That is what makes it a dmz. You can make it do it if you really want to... requires some configuration though and then it is pointless having the dmz.
0
 

Author Comment

by:Ksean
ID: 37766645
I don't want any ping either direction because I didn't open ports for ICMP. All I need is to join domain. Any idea?
0
 
LVL 10

Accepted Solution

by:
pclinuxguru earned 500 total points
ID: 37766819
Well you need to test traffic from the dmz to the inside. Without ping I am not sure how you would do that.

DMZ traffic is blocked from inside traffic and vice vera.

If you want to simply join it to the domain then plug your cable to a switch on the inside interface and join it. Then move it back.
0
 

Author Closing Comment

by:Ksean
ID: 37835103
good job
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question