dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
2184

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

tubbynet to Nubiatech

MVM

to Nubiatech

Re: turn asa into "router"

said by Nubiatech:

I hope the OP hasn't given up on this setup yet!

only temporarily.
i've been on the road quite a bit (will end up being on the road four weeks in a row) -- so my time to dink is quite limited.

maybe later in the night this week i can look at it.
said by Nubiatech:

Were there any debugs available or any "no connection" denies logged?

i haven't fired up the asdm yet. again -- this is just a lack of time.
said by Nubiatech:

Also, have you attempted to turn off inspection altogether?

the global policy-map is not enabled on the device at all, so there is no inspection based on traffic type. i turned off the "stateful"-ness of the firewall to no avail. the acl's are simply "permitting all".

q.

jsb
join:2009-12-25
Canada

jsb

Member

Are you sure about that? Check informational/debug logs. State-bypass is your friend.

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

tubbynet to krw17

MVM

to krw17
said by krw17:

he other thing you might try is turning off sequence randomization.

as a resolution to this -- i finally have it working.
chalk it up to user error on the tcp-state-bypass.

fired up the asa and still getting logs indicating lack of tcp connection state. ok. why?

looked through my configs and the error -- thinking that tcp-state-bypass *should* answer this.
look at the acl. apparently -- the 0.0.0.0/0 was turned into a "host" statement rather than an "any" statement.
shit.

remove configs, replace acl, reapply configs.

we're back in business. everything works. getting ready to rip out my 871w now.

thanks to everyone for chiming in.

q.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to tubbynet

MVM

to tubbynet
Wanna post up a sanitized config, just for reference... and for that "I googled and found your thread, but I don't see exactly HOW you solved this problem?!"

Regards