topic Re: Teardown TCP Connection on ASA in Network Security

Teardown TCP Connection on ASA

tanmoymm91 — Fri, 03 May 2024 12:49:06 GMT

Hi Network Greats,

I observed below syslog events on one of ASA device .

<190>May 03 2024 12:19:10 ICRA-ASA-PRI : %ASA-6-302016: Teardown UDP connection 9832480 for OUTSIDE:65.49.1.115/55845 to identity:10.10.100.4/500 duration 0:02:24 bytes 608

Does this signify that the connection was built out on ASA or connection was terminated.

What the exact difference between deny and tear down?

Thanks,

Re: Teardown TCP Connection on ASA

MHM Cisco World — Fri, 03 May 2024 13:08:42 GMT

These are different

Deny permit is for ACL

Teardown or build connection is for CONN table'

Now what you see is traffic from outside to identity (i.e. ASA itself) and traffic is UDP and port is 500 i.e. it is IPSec VPN port' and traffic is teardown i.e. the VPN is down for reason

MHM

Re: Teardown TCP Connection on ASA

Jerome BERTHIER — Mon, 06 May 2024 17:06:15 GMT

This syslog event indicates that the state of an UDP "session" was deleted from the connection state of the ASA.

Here the documentation : https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs3.html#con_4770749

You can use the command "sh conn" to check the connection states.

Regards