https://community.cisco.com/t5/network-security/tcp-flow-terminated-by-inspection-engine/m-p/4294023#M1078599 <P>Another case where the ASA will display the message "terminated by inspection engine" is when the FTP server's reply to the PASV command (which the client sends) contains a different IP address than the packets are coming from.&nbsp; When the ASA sees the packets coming from one IP address and the PASV reply contain a different address in the control response, this will fail inspection and the ASA will reset the connection.</P> Thu, 18 Feb 2021 23:01:22 GMT jhubel@midwave 2021-02-18T23:01:22Z https://community.cisco.com/t5/network-security/tcp-flow-terminated-by-inspection-engine/m-p/2114502#M394928 <P>Hi eveyone,</P><P></P><P>I am seeing in log</P><P></P><P>%ASA-4-507003: tcp flow from xx:192.168.x.x/41211 to outside:69.171.224.36/80 terminated by inspection engine, reason - inspector reset unconditionally.</P><P></P><P>Need to undertsand what does this log mean?</P><P></P><P>Thanks</P><P></P><P>MAhesh</P> Tue, 12 Mar 2019 00:29:50 GMT https://community.cisco.com/t5/network-security/tcp-flow-terminated-by-inspection-engine/m-p/2114502#M394928 mahesh18 2019-03-12T00:29:50Z https://community.cisco.com/t5/network-security/tcp-flow-terminated-by-inspection-engine/m-p/2114503#M394939 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>What version are you running?</P><P></P><P>Are you using a websense?</P><P></P><P>Julio</P></BODY></HTML> Thu, 29 Nov 2012 01:21:43 GMT https://community.cisco.com/t5/network-security/tcp-flow-terminated-by-inspection-engine/m-p/2114503#M394939 Julio Carvajal 2012-11-29T01:21:43Z https://community.cisco.com/t5/network-security/tcp-flow-terminated-by-inspection-engine/m-p/2114504#M394951 <HTML><HEAD></HEAD><BODY><P> Hi Julio,</P><P></P><P>Version is </P><P></P><P>Cisco Adaptive Security Appliance Software Version 8.0(5)27</P><P></P><P>Yes we are using websense</P></BODY></HTML> Thu, 29 Nov 2012 15:29:10 GMT https://community.cisco.com/t5/network-security/tcp-flow-terminated-by-inspection-engine/m-p/2114504#M394951 mahesh18 2012-11-29T15:29:10Z https://community.cisco.com/t5/network-security/tcp-flow-terminated-by-inspection-engine/m-p/2114505#M394961 <HTML><HEAD></HEAD><BODY><P>Hello Mahesh,</P><P></P><P>Right now we are facing the issue with the websense on the other discussion , can we doble check that the websense is reachable from the ASA and then focus on this..</P><P></P><P></P><P></P><P></P><P>Check this bug ID:<STRONG style="color: #000000; font-family: 'Times New Roman'; font-size: large;"><A href="https://cdetsng.cisco.com/webui/#view=CSCsx79354">CSCsx79354</A></STRONG><BR /><BR /></P><P></P><P>Add url-block url-size, url-block url-mempool and add the filter command</P><P>with the cgi-truncate option</P><P><BR style="line-height: 11.199999809265137px; color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 11.199999809265137px; background-color: #ffffff;" /></P><P>ex:</P><P>filter url 0 0 0 0 cgi-truncate</P><P>url-block url-mempool 5</P><P>url-block url-size 4</P><P><BR style="line-height: 11.199999809265137px; color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 11.199999809265137px; background-color: #ffffff;" /></P><P>Even the though the page may load with the workaround above, the syslogs</P><P>(507003) may still continue to print.</P><P></P><P>So try the workaround as soon as you got the websense up ( if you keep getting those messages)</P></BODY></HTML> Thu, 29 Nov 2012 17:16:02 GMT https://community.cisco.com/t5/network-security/tcp-flow-terminated-by-inspection-engine/m-p/2114505#M394961 Julio Carvajal 2012-11-29T17:16:02Z https://community.cisco.com/t5/network-security/tcp-flow-terminated-by-inspection-engine/m-p/2114506#M394968 <P>we are running&nbsp;</P> <P>&nbsp;Version 9.1(6) and we see the same error&nbsp;</P> <P>any insight will be greatly appreciate it&nbsp;</P> Tue, 10 Nov 2015 17:26:55 GMT https://community.cisco.com/t5/network-security/tcp-flow-terminated-by-inspection-engine/m-p/2114506#M394968 pedro.sanchez 2015-11-10T17:26:55Z https://community.cisco.com/t5/network-security/tcp-flow-terminated-by-inspection-engine/m-p/4294023#M1078599 <P>Another case where the ASA will display the message "terminated by inspection engine" is when the FTP server's reply to the PASV command (which the client sends) contains a different IP address than the packets are coming from.&nbsp; When the ASA sees the packets coming from one IP address and the PASV reply contain a different address in the control response, this will fail inspection and the ASA will reset the connection.</P> Thu, 18 Feb 2021 23:01:22 GMT https://community.cisco.com/t5/network-security/tcp-flow-terminated-by-inspection-engine/m-p/4294023#M1078599 jhubel@midwave 2021-02-18T23:01:22Z