https://community.cisco.com/t5/network-security/session-disconnected-duration-0-bytes-0/m-p/3064401#M134714 <P>Hi Tad,</P> <P></P> <P>There can be multiple reasons behind this.</P> <P></P> <P>May I know what type of application is this?</P> <P></P> <P>We need to take the interface and asp drop captures for this.</P> <P></P> <P>Also, share a packet tracer output for this traffic.</P> <P></P> <P class="p1"><SPAN class="s1"><I>Regards,</I></SPAN></P> <P class="p1"><SPAN class="s1"><I>Aditya</I></SPAN></P> <P class="p1"><SPAN class="s1"><I>Please rate helpful posts and mark correct answers.</I></SPAN></P> <P class="p1"><SPAN class="s1"><BR /> </SPAN></P> Thu, 15 Jun 2017 08:21:26 GMT Aditya Ganjoo 2017-06-15T08:21:26Z https://community.cisco.com/t5/network-security/session-disconnected-duration-0-bytes-0/m-p/3064400#M134712 <P>Hi All,</P> <P></P> <P>While testing an application, we found that the session between the our virtual IP, and the backend server,&nbsp; is established over the firewall, and disconnected immediately. So the connection log shows "duration 0:00:00 bytes 0 TCP FINs" (attached)</P> <P></P> <P>This basically tells us that NO data was sent over, or the packet received by the backend server was discarded.</P> <P>But when I do a telnet to the application server port, the telnet session is established and is successful.</P> <P>Why so? We were not able to pin point.</P> <P></P> <P>Any inputs that could help me here please.</P> <P></P> <P>Regards,</P> Tue, 12 Mar 2019 09:35:20 GMT https://community.cisco.com/t5/network-security/session-disconnected-duration-0-bytes-0/m-p/3064400#M134712 tad.190804 2019-03-12T09:35:20Z https://community.cisco.com/t5/network-security/session-disconnected-duration-0-bytes-0/m-p/3064401#M134714 <P>Hi Tad,</P> <P></P> <P>There can be multiple reasons behind this.</P> <P></P> <P>May I know what type of application is this?</P> <P></P> <P>We need to take the interface and asp drop captures for this.</P> <P></P> <P>Also, share a packet tracer output for this traffic.</P> <P></P> <P class="p1"><SPAN class="s1"><I>Regards,</I></SPAN></P> <P class="p1"><SPAN class="s1"><I>Aditya</I></SPAN></P> <P class="p1"><SPAN class="s1"><I>Please rate helpful posts and mark correct answers.</I></SPAN></P> <P class="p1"><SPAN class="s1"><BR /> </SPAN></P> Thu, 15 Jun 2017 08:21:26 GMT https://community.cisco.com/t5/network-security/session-disconnected-duration-0-bytes-0/m-p/3064401#M134714 Aditya Ganjoo 2017-06-15T08:21:26Z https://community.cisco.com/t5/network-security/session-disconnected-duration-0-bytes-0/m-p/3064402#M134716 <P>Hi Tad,</P> <P></P> <P>The log is from ASDM I believe.</P> <P></P> <P>In order to troubleshoot the better approach is to apply captures on ASA for source and destination.</P> <P>If you want, I can help with the required commands but you need to be aware about the topolgy from ASA's perspactive.</P> <P></P> <P>Please do run a packet tracer ase well.</P> <P></P> <P>Now coming to your question that why it allow a telnet connection. It is fairly simple that on ASA Telnet traffic might have been allowed by any access rule but for normal traffic of that application, there is no rule to allow traffic and thats why the traffic is getting dropped. (It might be a reason, &nbsp;not sure.)</P> <P>Its better we take the capture and packet tracer.</P> <P></P> <P>Br</P> <P>Dubey, Shivam</P> <P>Ex-TAC (shivdube)</P> Thu, 15 Jun 2017 11:18:21 GMT https://community.cisco.com/t5/network-security/session-disconnected-duration-0-bytes-0/m-p/3064402#M134716 er.shivamdubey31190 2017-06-15T11:18:21Z