Monday, April 9, 2018

ASA and possible asymmetric routing?

Hello guys,

Here is a topology: https://imgur.com/XyGTLQx

So I was tasked with looking into issues where the web app we use has some kind of connection issues. When I logged into the ASA I saw a bunch of network connections being denied. The error message:

Inbound TCP connection denied from 69.29.84.200/443 to BRANCH1_IP/64364 flags ACK (or PSH ACK) on interface outside

The ACL has permit any any on the inside interface (branch1) and there is security level 100 on it, outside is 0. Googling suggests it looks like an asymmetric routing issue, which seems plausible because there is a static route on the branch1 router to that specific web app that goes through the branch1 ASA; the rest goes to the Main branch router and then through its firewall. At first I thought it might be a TCP timeout, but by default it is set to a couple of minutes(?).

Any other things I can do to check it out? I am thinking about pushing all traffic through the ASA that has the issues and seeing if it improves anything.

Happy Monday!
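An added example (not from the original post or from Cisco) that shows how to screen a batch of ASA denial messages for the asymmetric-routing pattern described above: the firewall repeatedly denying mid-stream segments (ACK set, SYN clear) from one server port, meaning it never saw the three-way handshake. The log lines are constructed samples in the format quoted in the post, with BRANCH1_IP replaced by an RFC 5737 documentation address.

```python
import re
from collections import defaultdict

# Matches the message text quoted in the post; search() ignores any
# syslog or %ASA prefix that may precede it on a real device.
DENY_RE = re.compile(
    r"Inbound TCP connection denied from (?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst>[\w.]+)/(?P<dport>\d+) flags (?P<flags>[A-Z ]+?) "
    r"on interface (?P<iface>\w+)"
)

# Constructed sample log lines (not taken from the original post).
SAMPLE_LOGS = """
Inbound TCP connection denied from 69.29.84.200/443 to 192.0.2.10/64364 flags ACK on interface outside
Inbound TCP connection denied from 69.29.84.200/443 to 192.0.2.10/64364 flags PSH ACK on interface outside
Inbound TCP connection denied from 69.29.84.200/443 to 192.0.2.10/64366 flags ACK on interface outside
Inbound TCP connection denied from 198.51.100.7/3389 to 192.0.2.10/3389 flags SYN on interface outside
""".strip().splitlines()


def parse_denials(lines):
    """Return one dict per line that matches the denial message."""
    out = []
    for line in lines:
        m = DENY_RE.search(line)
        if m:
            d = m.groupdict()
            d["flags"] = set(d["flags"].split())
            out.append(d)
    return out


def asymmetric_suspects(denials, min_hits=2):
    """Group denials by (server ip, server port, interface) and keep groups in
    which every denied packet is a mid-stream segment (ACK set, SYN clear):
    the ASA has no connection entry because the SYN went another way.
    A denied SYN is an ordinary blocked inbound attempt, not this symptom."""
    by_server = defaultdict(list)
    for d in denials:
        by_server[(d["src"], d["sport"], d["iface"])].append(d)
    suspects = {}
    for key, items in by_server.items():
        mid = [i for i in items if "ACK" in i["flags"] and "SYN" not in i["flags"]]
        if len(mid) >= min_hits and len(mid) == len(items):
            suspects[key] = sorted({i["dport"] for i in mid})   # client ports hit
    return suspects


if __name__ == "__main__":
    for (ip, port, iface), ports in asymmetric_suspects(parse_denials(SAMPLE_LOGS)).items():
        print(f"{ip}/{port} on {iface}: {len(ports)} client ports denied mid-stream; check route symmetry")
```

On the sample input only the 69.29.84.200/443 flows are reported; the denied SYN from 198.51.100.7 is left out because a blocked handshake is not evidence of a return path bypassing the firewall.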


