Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: ASA 5505 Hairpin-issue.

ASA 5505 Hairpin-issue. 6 years 11 months ago #32379

  • Kinjara
  • Kinjara's Avatar
  • Offline
  • New Member
  • Posts: 1
  • Karma: 0
I got an issue with my ASA 5505.
Currently we use 1 server to welcome "remote desktop"-users that need to have shared-network-drives towards another server.

So we have 1 ISP connecting to the ASA.
The Asa has portforwarding for 3389 towards the server.

Now users can get to the remote server, use internet.
BUT! once they try to reache server the networkdrives work from time to time. If they dont work even a simple 'ping' does not return.

i have trouble shooted the asa for quite a bit now and got to:
'6 Oct 09 2009 13:46:50 106015 192.168.1.XX 50535 192.168.1.XY 445 Deny TCP (no connection) from 192.168.1.XX/50535 to 192.168.1.XY/445 flags PSH ACK on interface inside.

that seem to come after an X fails like:
"Portmap translation creation failed for tcp src inside 192.168.1.XX/50699 to dst inside: 192.168.1.XY/445"

I can create a Dynamic static policy nat rules porting the requests however it will still get send to the WAN-interface and once it gets returned from the ISP-router its killed with the message its a "land attack".

Anyone know a clue as to where i can start to trouble shoot or even beter fix this?
The administrator has disabled public write access.
Time to create page: 0.070 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup