..... you found the solution yourself... :). I replied to your first email.
FNK

On Fri, Apr 20, 2012 at 4:45 PM, Imre Oszkar <[email protected]> wrote:

> A static identity NAT for the virtual IPs fixed the problem. However, I
> don't get why we need that. The traffic was sourced from a
> higher sec interface (dmz) to a lower sec interface (outside).
>
> On Fri, Apr 20, 2012 at 1:35 PM, Imre Oszkar <[email protected]> wrote:
>
>> Hi,
>>
>> I have the following cut-through proxy config on an ASA.
>>
>> aaa authentication match trigger dmz TACACS
>> access-list trigger extended permit tcp any any eq 2001
>> access-list trigger extended permit tcp any host 10.0.0.200 eq www
>> access-list trigger extended permit tcp any host 10.0.0.201 eq telnet
>>
>> virtual http 10.0.0.200
>> virtual telnet 10.0.0.201
>>
>> For some reason the virtual IPs don't accept connections. Here is the
>> log I get on the ASA:
>>
>> %ASA-2-106001: Inbound TCP connection denied from 10.0.0.100/3088 to 10.0.0.201/23 flags SYN on interface dmz
>> %ASA-2-106001: Inbound TCP connection denied from 10.0.0.100/1035 to 10.0.0.200/80 flags SYN on interface dmz
>>
>> Any other form of network authentication is working well, including
>> listener and redirect.
>>
>> Please comment,
>>
>> Thanks,
>> Oszkar
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
