Getting 'Deny TCP (no connection)' after session Teardown

jnaglich — Tue, 12 Mar 2019 05:55:13 GMT

I've been having a problem with getting microsoft-ds (445/tcp) connectivity between servers at two different sites. It looks like the routing and the firewall rules are setup to allow the traffic, but when I attempt to connect, I'm getting the following behavior:

May 12 14:42:54 myfw %ASA-6-302013: Built inbound TCP connection 225654645 for lab-transit:10.25.240.36/62318 (10.25.240.36/62318) to transit:10.70.10.53/445 (10.70.10.53/445)
May 12 14:43:14 myfw %ASA-6-302014: Teardown TCP connection 225654645 for lab-transit:10.25.240.36/62318 to transit:10.70.10.53/445 duration 0:00:19 bytes 4094 TCP Reset-I
May 12 14:43:14 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK on interface lab-transit
May 12 14:43:25 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK on interface lab-transit
May 12 14:43:26 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK on interface lab-transit
May 12 14:43:27 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK on interface lab-transit
May 12 14:43:28 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK on interface lab-transit
May 12 14:43:29 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK on interface lab-transit
May 12 14:43:30 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK on interface lab-transit
May 12 14:43:31 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK on interface lab-transit
May 12 14:43:32 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK on interface lab-transit
May 12 14:43:33 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK on interface lab-transit
May 12 14:43:34 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK on interface lab-transit
May 12 14:43:35 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags RST ACK on interface lab-transit

The time between build and teardown is consistently 19 seconds and this pattern keeps repeating. Has anyone seen this before?

I'd setup a captures on the

JEFF SPRADLING — Tue, 12 May 2015 17:46:01 GMT

I'd setup a captures on the transit and lab-transit interfaces and review both of them in Wireshark. The reset is coming from one side or the other, not from the firewall. Once you determine which one is sending the reset, you can look deeper into that server to find out why.

Hi,To add to Jeff's comment ,

Vibhor Amrodia — Thu, 14 May 2015 05:47:49 GMT

Hi,

To add to Jeff's comment , Once you know why the initial reply is a RESET , these No connections syslog would go away.

As the Other end is still trying to send DATA even though the connections has been removed after the RESET is received on the ASA device.

Notice , the same source port for the RESET log and the no connection log. IO think this is the probable issue and try to find the reason for the RESET and that should resolve the issue.

Thanks and Regards,

Vibhor Amrodia

topic Hi,To add to Jeff's comment , in Network Security

Getting 'Deny TCP (no connection)' after session Teardown

I'd setup a captures on the

Hi,To add to Jeff's comment ,