cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


152
Views
10
Helpful
4
Replies
Highlighted
Beginner

Cisco ASA TCP Tear Down

Hi All,

 

 Noticed a TCP tear down on my Firewall which came from a anonymous Outside IP and also it deleted few logs 

 

Source was an Outside IP and destination was a client machine 

 

could not find anything on the machine 

 

could anyone help me understand this and how to fix it 

 

I am worried 

 

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Rising star

Re: Cisco ASA TCP Tear Down

if your client was as inside domain (nameif inside) in that case ASA act as a statefull firewall means outside connection coming to inside will be block and log in syslogs. unless you have define a access-list on outside interface to let the outside traffic coming in. 

same apply for the DMZ (nameif dmz).

 

 

i think the log you see is someone from outside try to access inside. but the firewall block the connection as said earlier it act as a statefull firewall.   

please do not forget to rate.
4 REPLIES 4
Rising star

Re: Cisco ASA TCP Tear Down

if your client was as inside domain (nameif inside) in that case ASA act as a statefull firewall means outside connection coming to inside will be block and log in syslogs. unless you have define a access-list on outside interface to let the outside traffic coming in. 

same apply for the DMZ (nameif dmz).

 

 

i think the log you see is someone from outside try to access inside. but the firewall block the connection as said earlier it act as a statefull firewall.   

please do not forget to rate.
Beginner

Re: Cisco ASA TCP Tear Down

Hi Sheraz,

 

 Thanks a lot for clarifying on this and I am relieved now

 

But noticed that this event had deleted few logs on the firewall 

any idea on this

Rising star

Re: Cisco ASA TCP Tear Down

by default as does not keep the logs unless you off load them on the syslog server. if you need to do so follow this link 

https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html

please do not forget to rate.
Beginner

Re: Cisco ASA TCP Tear Down

thank you