Skip to main content

ASA 5505 Hairpin-issue.

More
15 years 1 month ago #32379 by Kinjara
I got an issue with my ASA 5505.
Currently we use 1 server to welcome "remote desktop"-users that need to have shared-network-drives towards another server.

So we have 1 ISP connecting to the ASA.
The Asa has portforwarding for 3389 towards the server.

Now users can get to the remote server, use internet.
BUT! once they try to reache server the networkdrives work from time to time. If they dont work even a simple 'ping' does not return.

i have trouble shooted the asa for quite a bit now and got to:
'6 Oct 09 2009 13:46:50 106015 192.168.1.XX 50535 192.168.1.XY 445 Deny TCP (no connection) from 192.168.1.XX/50535 to 192.168.1.XY/445 flags PSH ACK on interface inside.

that seem to come after an X fails like:
"Portmap translation creation failed for tcp src inside 192.168.1.XX/50699 to dst inside: 192.168.1.XY/445"

I can create a Dynamic static policy nat rules porting the requests however it will still get send to the WAN-interface and once it gets returned from the ISP-router its killed with the message its a "land attack".

Anyone know a clue as to where i can start to trouble shoot or even beter fix this?
Time to create page: 0.116 seconds