topic Re: ASA5505 and tcp connections drops.? in Network Security

ASA5505 and tcp connections drops.?

j-tagesson — Mon, 11 Mar 2019 17:57:46 GMT

Hi there. I have a strange issue.

I have a ASA 5505 with some clients behind it who connects to an offsite database.

They run the application all day, but for longer periods of times, ie 1-2 hours they are idle in the application.

When they start using the application again they get messaages that they have been disconnected from the databse or they get an unresponsive

applications for like 5-10 minutes beforeit starts to function again.

To solve this I thought I increase the tcp timeout so I did, for the client server traffic. Now it's set to 4 hrs.

BUT I still get the error.??

Has anyone got a clue what could cause this ?

Regards Joel

Re: ASA5505 and tcp connections drops.?

Federico Coto Fajardo — Thu, 10 Jun 2010 14:22:41 GMT

Hi,

Isn't the application itself where the're getting disconnected at?

I don't think they are being disconnected by the ASA if you increased the TCP timeout.

Do you know if the PING works all the time (even when they are disconnected)?

I just want to know if the issue is that the connection is being torn down by the ASA or that the application itself disconnects the users after an idle period.

Federico.

Re: ASA5505 and tcp connections drops.?

j-tagesson — Thu, 10 Jun 2010 14:37:22 GMT

Good thinking.

I was thinking that my new 4 hrs tcp timeout sh conn would work as proof that It's not the ASA firewall.

Meanwhile the server guys put a client outside the firewall...

And that client haven't had the disconnect issue..

So I guess the problem came right back at us. 🙂

Ping works all the time btw.

Re: ASA5505 and tcp connections drops.?

Federico Coto Fajardo — Thu, 10 Jun 2010 14:43:20 GMT

mmm...

If the ASA is causing the problem, then it should show in the logs.

Can you post the logs?

Federico.

Re: ASA5505 and tcp connections drops.?

j-tagesson — Thu, 10 Jun 2010 14:56:05 GMT

Here's where it's getting tricky.. I can't seem to find anything in the logs. I have set up a syslog server but either I have set up the logging wrong or

it doesn't show any error..

For instance, I get local1.warning and local1.notice but I can't find any errors regarding this communication

Here's my logging: (attatched file)

Am I doing something wrong ?

Also, I have logging informational on the rule with the traffic from client to server.

Re: ASA5505 and tcp connections drops.?

Federico Coto Fajardo — Thu, 10 Jun 2010 15:29:58 GMT

You're not getting any logs on the syslog server?

Can you change it to level debugging?

Federico.

Re: ASA5505 and tcp connections drops.?

j-tagesson — Fri, 11 Jun 2010 07:12:24 GMT

Sorry. I'm getting logs to syslog , jut not anything interesting with the ipadresses that I've specified.

I can change it to debugging and se if anything happends..

Re: ASA5505 and tcp connections drops.?

j-tagesson — Fri, 11 Jun 2010 07:45:43 GMT

I found out that I had to enable 106100 messages which by default didn't get logged to syslog.. Now I'm getting my traffic sent to the syslog server.

Re: ASA5505 and tcp connections drops.?

Federico Coto Fajardo — Fri, 11 Jun 2010 16:13:32 GMT

Great!

Can you see if you're getting logs related to this connection?

Federico.

Re: ASA5505 and tcp connections drops.?

rcordeiro — Thu, 08 Jul 2010 09:56:53 GMT

Hi,

Did you solve this? I'm having the same problem.

Regards

Re: ASA5505 and tcp connections drops.?

Michichael — Thu, 29 Jul 2010 23:53:34 GMT

Same problem on my end. Only thing I can see is when the connection drops, I get this logged:

6 Jul 29 2010 16:47:56 302014 99.100.154.220 3389 10.20.12.214 9261 Teardown TCP connection 49927 for outside:99.100.154.220/3389 to inside:10.20.12.214/9261 duration 0:13:39 bytes 3083949 TCP Reset-I

that's the only indicator I have of anything going wrong on this, and that's when it drops.

My configuration is all but virgin - no funky ACL's - just base implied allows

Re: ASA5505 and tcp connections drops.?

rcordeiro — Fri, 30 Jul 2010 09:17:30 GMT

Hi,

My problem was with connections to a database, if the connections reached the idle limit the firewall closes the connection and next time someone did something on the appliacation.

I solved this creating a "Service Application Rule" with a ACL to the interesting traffic and defining 5 hours for the connection timeout (if someone leave the application idle for more than 5 hour it could easily restart it).

Regards,

Rui Cordeiro

Re: ASA5505 and tcp connections drops.?

Michichael — Fri, 30 Jul 2010 15:54:22 GMT

rcordeiro wrote:

Hi,

My problem was with connections to a database, if the connections reached the idle limit the firewall closes the connection and next time someone did something on the appliacation.

Regards,

Rui Cordeiro

Thanks for the info Rui, unfortunately, I don't think this is the case here. I'll have to keep looking.

This problem happens randomly - download a youtube video and it will just stop at a random point and you have to refresh the page. Do so and it might work, or might stop at a different point.

Remote desktop to my home server, same thing.

The connections die with a RESET-I logged, but I don't see any reason for the reset.