4
« on: June 16, 2015, 09:26:41 AM »
I found another problem,
my site2 asa version:8.21 (asa5505)
subnet:192.168.7.x 192.168.8.x 192.168.9.x
Site1 asa version: 8.21 (asa5520)
subnet:192.168.38.x 192.168.86.x 192.168.70.x
when i add below commons in two asa, peer status is up
access-list TCP_Option_76 extended permit tcp any any log
tcp-map TCP_Option_76_Tmap
tcp-options range 76 76 allow
class-map TCP_Option_76_Cmap
match access-list TCP_Option_76
policy-map global_policy
class TCP_Option_76_Cmap
set connection advanced-options TCP_Option_76_Tmap
All Clients of Site2 can't access site1 's sql, web Servers of all,but ping is ok,but they can access website of outside
must "no service-policy global_policy global" in site1 asa and reload asa5505 , it can reback normal