Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

ASA 5505 with ASDM

Posted on 2012-03-26
4
1,043 Views
Last Modified: 2012-06-27
Hi Experts,

I have a computer in DMZ interface that needs to join domain where is in inside.
All necessary ports are open.
When I try, I got the following error

"Deny TCP(no connection) from x.x.x.x /58923 to y.y.y.y/139  flags RST on interface DMZ"

I googled it and found below solution

"check your config for 'sysopt connection timewait'. If not, try adding it. Some software wants to do a two-way hangup at the end of a connection, and this option keeps connections open until both sides ack the closing."

Is this right one? If so, i just type 'sysopt connection timewait' in command line interface, right? or something else needs to be done.

This issue need to be resolved pretty sooon. Please help!!!!

Thanks in advance..
0
Comment
Question by:Ksean
  • 2
  • 2
4 Comments
 
LVL 10

Expert Comment

by:pclinuxguru
ID: 37766530
can you ping your domain controller from the computer in the DMZ and can you ping the computer from the domain controller?

Reason I ask is generally stuff in the DMZ can't talk to stuff on the inside. That is what makes it a dmz. You can make it do it if you really want to... requires some configuration though and then it is pointless having the dmz.
0
 

Author Comment

by:Ksean
ID: 37766645
I don't want any ping either direction because I didn't open ports for ICMP. All I need is to join domain. Any idea?
0
 
LVL 10

Accepted Solution

by:
pclinuxguru earned 500 total points
ID: 37766819
Well you need to test traffic from the dmz to the inside. Without ping I am not sure how you would do that.

DMZ traffic is blocked from inside traffic and vice vera.

If you want to simply join it to the domain then plug your cable to a switch on the inside interface and join it. Then move it back.
0
 

Author Closing Comment

by:Ksean
ID: 37835103
good job
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Guest Wi-Fi Time out 3 26
Cisco Router Security Commands. 2 30
What Cisco IOS has CBAC support? 4 20
Swapping port on a  Cisco 5510 firewall 1 18
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question