webserver connected to 5515X resets sessions

Discussion in 'other firewalls' started by michaelgbenga, Sep 23, 2014.

  1. michaelgbenga

    Hi All,
    I have a firewall (Cisco ASA 5520) running, acting as Internet edge with interfaces going to DMZ, Internet and LAN. I have been able to copy/translate the config from the 5520 to a 5515-X; LAN users can get to the internet, but sessions going from the LAN browser to the DMZ webserver get reset. Also, access to the webserver isn't possible from the internet. Here is a capture of the activity done on the 5515-X box.

    Does anyone have an idea why the reset is coming from the webserver? Because it appears that the 5515-X is passing traffic normally.

    DMZ webserver public IP address: 197.253.4.13.80

    The following capture is a session from the firewall showing my attempts to reach the webserver from the internet. Strangely, LAN users cannot reach the webserver from their web browser.


    ciscoasa(config)# show cap

    ciscoasa(config)# show capture capo

    96 packets captured

    Code:
       1: 11:22:28.518680       41.58.192.110.56382 > 197.253.4.13.80: . 185938744:185938745(1) ack 1999498768 win 668
       2: 11:22:28.518909       197.253.4.13.80 > 41.58.192.110.56382: . ack 185938745 win 258 <nop,nop,sack sack 1 {185938744:185938745} >
       3: 11:22:56.074535       41.58.192.110.56443 > 197.253.4.13.80: S 225050592:225050592(0) win 8192 <mss 1400,nop,wscale 8,nop,nop,sackOK>
       4: 11:22:56.074947       197.253.4.13.80 > 41.58.192.110.56443: S 2143290466:2143290466(0) ack 225050593 win 8192 <mss 1380,nop,wscale 8,nop,nop,sackOK>
       5: 11:22:56.096369       41.58.192.110.56382 > 197.253.4.13.80: P 185938745:185939148(403) ack 1999498768 win 668
       6: 11:22:56.097147       197.253.4.13.80 > 41.58.192.110.56382: P 1999498768:1999499147(379) ack 185939148 win 257
       7: 11:22:56.097407       41.58.192.110.56444 > 197.253.4.13.80: S 3177908077:3177908077(0) win 8192 <mss 1400,nop,wscale 8,nop,nop,sackOK>
       8: 11:22:56.097864       197.253.4.13.80 > 41.58.192.110.56444: S 3709476046:3709476046(0) ack 3177908078 win 8192 <mss 1380,nop,wscale 8,nop,nop,sackOK>
       9: 11:22:56.124032       41.58.192.110.56443 > 197.253.4.13.80: . ack 2143290467 win 64
      10: 11:22:56.139275       41.58.192.110.56382 > 197.253.4.13.80: P 185939148:185939552(404) ack 1999499147 win 666
      11: 11:22:56.139305       41.58.192.110.56444 > 197.253.4.13.80: . ack 3709476047 win 64
      12: 11:22:56.141029       197.253.4.13.80 > 41.58.192.110.56382: P 1999499147:1999499496(349) ack 185939552 win 255
      13: 11:22:56.289337       41.58.192.110.56382 > 197.253.4.13.80: P 185939552:185939971(419) ack 1999499496 win 665
      14: 11:22:56.498036       197.253.4.13.80 > 41.58.192.110.56382: . ack 185939971 win 253
      15: 11:23:14.245730       41.58.192.110.56443 > 197.253.4.13.80: F 225050593:225050593(0) ack 2143290467 win 64
      16: 11:23:14.246157       197.253.4.13.80 > 41.58.192.110.56443: R 2143290467:2143290467(0) ack 225050594 win 0
      17: 11:23:14.260347       41.58.192.110.56444 > 197.253.4.13.80: F 3177908078:3177908078(0) ack 3709476047 win 64
      18: 11:23:14.260743       197.253.4.13.80 > 41.58.192.110.56444: R 3709476047:3709476047(0) ack 3177908079 win 0
      19: 11:23:41.547396       41.58.192.110.56382 > 197.253.4.13.80: . 185939970:185939971(1) ack 1999499496 win 665
      20: 11:23:41.547563       197.253.4.13.80 > 41.58.192.110.56382: . ack 185939971 win 253 <nop,nop,sack sack 1 {185939970:185939971} >
      21: 11:23:48.543535       197.253.4.13.80 > 41.58.192.110.56382: . 1999499496:1999500876(1380) ack 185939971 win 253
      22: 11:23:48.543535       197.253.4.13.80 > 41.58.192.110.56382: P 1999500876:1999500900(24) ack 185939971 win 253
      23: 11:23:48.577194       41.58.192.110.56382 > 197.253.4.13.80: . ack 1999500900 win 668
      24: 11:24:33.595229       41.58.192.110.56382 > 197.253.4.13.80: . 185939970:185939971(1) ack 1999500900 win 668
      25: 11:24:33.595657       197.253.4.13.80 > 41.58.192.110.56382: . ack 185939971 win 253 <nop,nop,sack sack 1 {185939970:185939971} >
      26: 11:25:18.652966       41.58.192.110.56382 > 197.253.4.13.80: . 185939970:185939971(1) ack 1999500900 win 668
      27: 11:25:18.653301       197.253.4.13.80 > 41.58.192.110.56382: . ack 185939971 win 253 <nop,nop,sack sack 1 {185939970:185939971} >
      28: 11:25:57.343060       197.253.4.13.80 > 41.58.192.110.56382: R 1999500900:1999500900(0) ack 185939971 win 0
      29: 11:28:15.663494       41.58.192.110.56461 > 197.253.4.13.80: S 3498063413:3498063413(0) win 8192 <mss 1400,nop,wscale 8,nop,nop,sackOK>
      30: 11:28:15.663951       197.253.4.13.80 > 41.58.192.110.56461: S 852661898:852661898(0) ack 3498063414 win 8192 <mss 1380,nop,wscale 8,nop,nop,sackOK>
      31: 11:28:15.668514       41.58.192.110.56462 > 197.253.4.13.80: S 3386221364:3386221364(0) win 8192 <mss 1400,nop,wscale 8,nop,nop,sackOK>
      32: 11:28:15.668941       197.253.4.13.80 > 41.58.192.110.56462: S 1691661140:1691661140(0) ack 3386221365 win 8192 <mss 1380,nop,wscale 8,nop,nop,sackOK>
      33: 11:28:15.674083       41.58.192.110.56463 > 197.253.4.13.80: S 2413933003:2413933003(0) win 8192 <mss 1400,nop,wscale 8,nop,nop,sackOK>
      34: 11:28:15.674571       197.253.4.13.80 > 41.58.192.110.56463: S 1543422687:1543422687(0) ack 2413933004 win 8192 <mss 1380,nop,wscale 8,nop,nop,sackOK>
      35: 11:28:16.258974       41.58.192.110.56464 > 197.253.4.13.80: S 2955224897:2955224897(0) win 8192 <mss 1400,nop,wscale 8,nop,nop,sackOK>
      36: 11:28:16.259279       197.253.4.13.80 > 41.58.192.110.56464: S 3254831050:3254831050(0) ack 2955224898 win 8192 <mss 1380,nop,wscale 8,nop,nop,sackOK>
      37: 11:28:16.584732       41.58.192.110.56461 > 197.253.4.13.80: S 3498063413:3498063413(0) win 8192 <mss 1400,nop,wscale 8,nop,nop,sackOK>
      38: 11:28:16.584900       41.58.192.110.56462 > 197.253.4.13.80: S 3386221364:3386221364(0) win 8192 <mss 1400,nop,wscale 8,nop,nop,sackOK>
      39: 11:28:16.587967       41.58.192.110.56463 > 197.253.4.13.80: S 2413933003:2413933003(0) win 8192 <mss 1400,nop,wscale 8,nop,nop,sackOK>
      40: 11:28:16.608199       41.58.192.110.56464 > 197.253.4.13.80: S 2955224897:2955224897(0) win 8192 <mss 1400,nop,wscale 8,nop,nop,sackOK>
      41: 11:28:16.753043       41.58.192.110.56461 > 197.253.4.13.80: . ack 852661899 win 64
      42: 11:28:16.773229       41.58.192.110.56461 > 197.253.4.13.80: P 3498063414:3498063818(404) ack 852661899 win 64
      43: 11:28:16.774847       197.253.4.13.80 > 41.58.192.110.56461: P 852661899:852662248(349) ack 3498063818 win 258
      44: 11:28:16.778707       41.58.192.110.56462 > 197.253.4.13.80: . ack 1691661141 win 64
      45: 11:28:16.778722       41.58.192.110.56463 > 197.253.4.13.80: . ack 1543422688 win 64
      46: 11:28:16.892974       41.58.192.110.56464 > 197.253.4.13.80: . ack 3254831051 win 64
      47: 11:28:16.968226       41.58.192.110.56461 > 197.253.4.13.80: P 3498063818:3498064237(419) ack 852662248 win 63
      48: 11:28:17.173391       197.253.4.13.80 > 41.58.192.110.56461: . ack 3498064237 win 257
      49: 11:28:25.693628       41.58.192.110.56462 > 197.253.4.13.80: F 3386221365:3386221365(0) ack 1691661141 win 64
      50: 11:28:25.694040       197.253.4.13.80 > 41.58.192.110.56462: R 1691661141:1691661141(0) ack 3386221366 win 0
      51: 11:28:35.714242       41.58.192.110.56464 > 197.253.4.13.80: F 2955224898:2955224898(0) ack 3254831051 win 64
      52: 11:28:35.714333       41.58.192.110.56463 > 197.253.4.13.80: F 2413933004:2413933004(0) ack 1543422688 win 64
      53: 11:28:35.714623       197.253.4.13.80 > 41.58.192.110.56464: R 3254831051:3254831051(0) ack 2955224899 win 0
      54: 11:28:35.714638       197.253.4.13.80 > 41.58.192.110.56463: R 1543422688:1543422688(0) ack 2413933005 win 0
      55: 11:29:02.254274       41.58.192.110.56461 > 197.253.4.13.80: . 3498064236:3498064237(1) ack 852662248 win 63
      56: 11:29:02.254610       197.253.4.13.80 > 41.58.192.110.56461: . ack 3498064237 win 257 <nop,nop,sack sack 1 {3498064236:3498064237} >
      57: 11:29:09.203312       197.253.4.13.80 > 41.58.192.110.56461: . 852662248:852663628(1380) ack 3498064237 win 257
      58: 11:29:09.203312       197.253.4.13.80 > 41.58.192.110.56461: P 852663628:852663652(24) ack 3498064237 win 257
      59: 11:29:09.246767       41.58.192.110.56461 > 197.253.4.13.80: . ack 852663652 win 64
      60: 11:29:30.308928       41.58.192.110.56484 > 197.253.4.13.80: S 2802441185:2802441185(0) win 8192 <mss 1400,nop,wscale 8,nop,nop,sackOK>
      61: 11:29:30.309157       197.253.4.13.80 > 41.58.192.110.56484: S 1160616368:1160616368(0) ack 2802441186 win 8192 <mss 1380,nop,wscale 8,nop,nop,sackOK>
      62: 11:29:30.309844       41.58.192.110.56485 > 197.253.4.13.80: S 736842679:736842679(0) win 8192 <mss 1400,nop,wscale 8,nop,nop,sackOK>
      63: 11:29:30.310332       197.253.4.13.80 > 41.58.192.110.56485: S 3780095338:3780095338(0) ack 736842680 win 8192 <mss 1380,nop,wscale 8,nop,nop,sackOK>
      64: 11:29:30.327360       41.58.192.110.56484 > 197.253.4.13.80: . ack 1160616369 win 64
      65: 11:29:30.347897       41.58.192.110.56485 > 197.253.4.13.80: . ack 3780095339 win 64
      66: 11:29:31.063091       41.58.192.110.56484 > 197.253.4.13.80: P 2802441186:2802441530(344) ack 1160616369 win 64
      67: 11:29:31.063839       197.253.4.13.80 > 41.58.192.110.56484: P 1160616369:1160616740(371) ack 2802441530 win 258
      68: 11:29:31.128518       41.58.192.110.56484 > 197.253.4.13.80: P 2802441530:2802441875(345) ack 1160616740 win 63
      69: 11:29:31.139076       197.253.4.13.80 > 41.58.192.110.56484: P 1160616740:1160617156(416) ack 2802441875 win 257
      70: 11:29:31.207691       41.58.192.110.56484 > 197.253.4.13.80: P 2802441875:2802442290(415) ack 1160617156 win 61
      71: 11:29:31.417855       197.253.4.13.80 > 41.58.192.110.56484: . ack 2802442290 win 255
      72: 11:29:49.228458       41.58.192.110.56485 > 197.253.4.13.80: F 736842680:736842680(0) ack 3780095339 win 64
      73: 11:29:49.228854       197.253.4.13.80 > 41.58.192.110.56485: R 3780095339:3780095339(0) ack 736842681 win 0
      74: 11:29:54.264222       41.58.192.110.56461 > 197.253.4.13.80: . 3498064236:3498064237(1) ack 852663652 win 64
      75: 11:29:54.264604       197.253.4.13.80 > 41.58.192.110.56461: . ack 3498064237 win 257 <nop,nop,sack sack 1 {3498064236:3498064237} >
      76: 11:30:16.443244       41.58.192.110.56484 > 197.253.4.13.80: . 2802442289:2802442290(1) ack 1160617156 win 61
      77: 11:30:16.443595       197.253.4.13.80 > 41.58.192.110.56484: . ack 2802442290 win 255 <nop,nop,sack sack 1 {2802442289:2802442290} >
      78: 11:30:23.447807       197.253.4.13.80 > 41.58.192.110.56484: . 1160617156:1160618536(1380) ack 2802442290 win 255
      79: 11:30:23.447807       197.253.4.13.80 > 41.58.192.110.56484: P 1160618536:1160618560(24) ack 2802442290 win 255
      80: 11:30:23.490437       41.58.192.110.56484 > 197.253.4.13.80: . ack 1160618560 win 64
      81: 11:30:24.331251       41.58.192.110.56484 > 197.253.4.13.80: P 2802442290:2802442623(333) ack 1160618560 win 64
      82: 11:30:24.332151       197.253.4.13.80 > 41.58.192.110.56484: . 1160618560:1160619940(1380) ack 2802442623 win 254
      83: 11:30:24.332151       197.253.4.13.80 > 41.58.192.110.56484: P 1160619940:1160619965(25) ack 2802442623 win 254
      84: 11:30:24.632520       197.253.4.13.80 > 41.58.192.110.56484: . 1160618560:1160619940(1380) ack 2802442623 win 254
      85: 11:30:24.795628       41.58.192.110.56484 > 197.253.4.13.80: P 2802442290:2802442623(333) ack 1160618560 win 64
      86: 11:30:24.795979       197.253.4.13.80 > 41.58.192.110.56484: . ack 2802442623 win 254 <nop,nop,sack sack 1 {2802442290:2802442623} >
      87: 11:30:24.816241       41.58.192.110.56484 > 197.253.4.13.80: . ack 1160619965 win 64
      88: 11:30:24.865876       41.58.192.110.56484 > 197.253.4.13.80: . ack 1160619965 win 64 <nop,nop,sack sack 1 {1160618560:1160619940} >
      89: 11:30:24.881302       41.58.192.110.56484 > 197.253.4.13.80: . ack 1160619965 win 64
      90: 11:30:39.301208       41.58.192.110.56461 > 197.253.4.13.80: . 3498064236:3498064237(1) ack 852663652 win 64
      91: 11:30:39.301543       197.253.4.13.80 > 41.58.192.110.56461: . ack 3498064237 win 257 <nop,nop,sack sack 1 {3498064236:3498064237} >
      92: 11:31:09.358959       41.58.192.110.56484 > 197.253.4.13.80: . 2802442622:2802442623(1) ack 1160619965 win 64
      93: 11:31:09.359097       197.253.4.13.80 > 41.58.192.110.56484: . ack 2802442623 win 254 <nop,nop,sack sack 1 {2802442622:2802442623} >
      94: 11:31:17.846788       197.253.4.13.80 > 41.58.192.110.56461: R 852663652:852663652(0) ack 3498064237 win 0
      95: 11:31:54.397638       41.58.192.110.56484 > 197.253.4.13.80: . 2802442622:2802442623(1) ack 1160619965 win 64
      96: 11:32:39.389551       41.58.192.110.56484 > 197.253.4.13.80: . 2802442622:2802442623(1) ack 1160619965 win 64
    96 packets shown
    
    ciscoasa(config)#   acce
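
Added example, not part of the original post: a small Python parser for the `show capture` text format pasted above that reports, per client port, the payload bytes each side sent, which side sent the RST and which segment came just before it. The sample lines, addresses and function names are constructed for illustration, and labelling a 1-byte `.` segment as a keepalive-style probe is a heuristic assumption.

```python
import re

# One packet line of ASA `show capture` text output, in the format pasted above.
LINE = re.compile(r"^\s*\d+:\s+(\d\d:\d\d:\d\d\.\d+)\s+(\S+) > (\S+): "
                  r"([SFRP.]+)(?: \d+:\d+\((\d+)\))?")

# Constructed sample (documentation addresses, made-up sequence numbers).
SAMPLE = """\
   1: 10:00:00.000100       198.51.100.7.50001 > 203.0.113.10.80: S 1000:1000(0) win 8192 <mss 1400>
   2: 10:00:00.000500       203.0.113.10.80 > 198.51.100.7.50001: S 9000:9000(0) ack 1001 win 8192 <mss 1380>
   3: 10:00:18.000000       198.51.100.7.50001 > 203.0.113.10.80: F 1001:1001(0) ack 9001 win 64
   4: 10:00:18.000400       203.0.113.10.80 > 198.51.100.7.50001: R 9001:9001(0) ack 1002 win 0
   5: 10:00:20.000000       198.51.100.7.50002 > 203.0.113.10.80: P 5000:5404(404) ack 7000 win 64
   6: 10:00:20.001000       203.0.113.10.80 > 198.51.100.7.50002: P 7000:7349(349) ack 5404 win 258
   7: 10:01:05.000000       198.51.100.7.50002 > 203.0.113.10.80: . 5403:5404(1) ack 7349 win 64
   8: 10:01:50.000000       203.0.113.10.80 > 198.51.100.7.50002: R 7349:7349(0) ack 5404 win 0
"""

def kind(flags, length):
    """Coarse label for one segment, from its flag field and payload length."""
    for flag, name in (("S", "SYN"), ("F", "FIN"), ("R", "RST")):
        if flag in flags:
            return name
    if flags == "." and length == 1:
        return "1-byte probe"  # heuristic: keepalive-style segment
    return "data" if length else "ack"

def summarize(text, server):
    """Per client endpoint: payload bytes each way, RST sender, prior segment."""
    flows = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # prompts, pager lines and blanks are skipped
        ts, src, dst, flags, length = m.groups()
        if server not in (src, dst):
            continue
        side, client = ("server", dst) if src == server else ("client", src)
        f = flows.setdefault(client, {"client": 0, "server": 0, "rst_from": None,
                                      "before_rst": None, "last": None})
        k = kind(flags, int(length or 0))
        if k == "RST" and f["rst_from"] is None:
            f["rst_from"], f["before_rst"] = side, f["last"]
        if k == "data":
            f[side] += int(length)  # retransmitted payload is counted again
        f["last"] = f"{side} {k} @ {ts}"
    for f in flows.values():
        del f["last"]
    return flows
```

Running `summarize()` over the pasted capture with the server endpoint `197.253.4.13.80` separates connections that were reset without carrying any payload from those reset after data had been exchanged.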
    
     