BluffPlace
MIS
Hello,
I'm in need of assistance and was wondering if someone could help out.
I am setting up a DMZ zone on my ASA-5520. I cannot ping or ftp to the external address from home.
Log viewer shows this when I try to ftp:
%PIX|ASA-2-106001: Inbound TCP connection denied from IP_address/port to IP_address/port flags tcp_flags on interface interface_name
This is a connection-related message. This message occurs when an attempt to connect to an inside address is denied by your security policy. Possible tcp_flags values correspond to the flags in the TCP header that were present when the connection was denied. For example, a TCP packet arrived for which no connection state exists in the security appliance, and it was dropped. The tcp_flags in this packet are FIN and ACK.
The tcp_flags are as follows:
• ACK—The acknowledgment number was received.
• FIN—Data was sent.
• PSH—The receiver passed data to the application.
• RST—The connection was reset.
• SYN—Sequence numbers were synchronized to start a connection.
• URG—The urgent pointer was declared valid.
Log viewer shows this when I try to ping:
%PIX|ASA-3-106014: Deny inbound icmp src interface_name: IP_address dst interface_name: IP_address (type dec, code dec)
The security appliance denied any inbound ICMP packet access. By default, all ICMP packets are denied access unless specifically permitted.
I'm trying to figure out what I am doing wrong with the access rules.
Any assistance would be appreciated.
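Added example (not part of the original post and not Cisco code): a small Python triage script that parses the two deny messages quoted above and groups them by ingress interface, destination and service, so it is clear which flows an access rule would have to permit. The sample log lines, addresses and interface names are constructed, and the SYN versus non-SYN classification is a heuristic assumption based on the message description.

```python
import re
from collections import Counter

# Patterns follow the two message templates quoted in the post.
RE_106001 = re.compile(
    r"%(?:PIX|ASA)-2-106001: Inbound TCP connection denied from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"flags (?P<flags>[A-Z ]+?)\s+on interface (?P<ifc>\S+)")
RE_106014 = re.compile(
    r"%(?:PIX|ASA)-3-106014: Deny inbound icmp "
    r"src (?P<sifc>[^:\s]+):\s*(?P<src>[\d.]+) dst (?P<difc>[^:\s]+):\s*(?P<dst>[\d.]+) "
    r"\(type (?P<type>\d+), code (?P<code>\d+)\)")

# Constructed sample lines (documentation addresses, hypothetical interface names).
SAMPLE_LINES = [
    "%ASA-2-106001: Inbound TCP connection denied from 203.0.113.5/51234 to 198.51.100.10/21 flags SYN on interface outside",
    "%ASA-2-106001: Inbound TCP connection denied from 203.0.113.5/51235 to 198.51.100.10/21 flags SYN on interface outside",
    "%ASA-2-106001: Inbound TCP connection denied from 203.0.113.5/51200 to 198.51.100.10/21 flags FIN ACK on interface outside",
    "%ASA-3-106014: Deny inbound icmp src outside:203.0.113.5 dst dmz:198.51.100.10 (type 8, code 0)",
    "%ASA-6-302013: Built inbound TCP connection (unrelated message, ignored)",
]

def parse_deny(line):
    """Return a dict for a 106001/106014 deny line, or None for anything else."""
    m = RE_106001.search(line)
    if m:
        flags = frozenset(m["flags"].split())
        # Heuristic: a bare SYN is a new connection refused by policy; any other
        # flag combination arrived with no connection state on the appliance.
        return {"id": "106001", "src": m["src"], "dst": m["dst"], "ifc": m["ifc"],
                "service": f"tcp/{m['dport']}", "flags": flags,
                "kind": "new-connection" if flags == {"SYN"} else "no-state"}
    m = RE_106014.search(line)
    if m:
        # ICMP type 8 is an echo request, i.e. an inbound ping.
        return {"id": "106014", "src": m["src"], "dst": m["dst"], "ifc": m["sifc"],
                "service": f"icmp/type{m['type']}", "flags": frozenset(),
                "kind": "echo-request" if m["type"] == "8" else "icmp-other"}
    return None

def summarize(lines):
    """Count denies per (ingress interface, destination, service, kind), most frequent first."""
    counts = Counter()
    for ev in filter(None, map(parse_deny, lines)):
        counts[(ev["ifc"], ev["dst"], ev["service"], ev["kind"])] += 1
    return counts.most_common()
```

Each row returned by `summarize(SAMPLE_LINES)` names one denied flow; the `new-connection` and `echo-request` rows are the ones to compare against the access rules applied to that ingress interface.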