Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1297
Views
10
Helpful
4
Replies

Cisco ASA TCP Tear Down

Go to solution
giridar
Level 1
Level 1

‎09-10-2019 09:49 PM - edited ‎02-21-2020 09:29 AM

Hi All,

 

 Noticed a TCP tear down on my Firewall which came from a anonymous Outside IP and also it deleted few logs 

 

Source was an Outside IP and destination was a client machine 

 

could not find anything on the machine 

 

could anyone help me understand this and how to fix it 

 

I am worried 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sheraz.Salim
VIP
VIP

‎09-11-2019 08:01 AM

if your client was as inside domain (nameif inside) in that case ASA act as a statefull firewall means outside connection coming to inside will be block and log in syslogs. unless you have define a access-list on outside interface to let the outside traffic coming in. 

same apply for the DMZ (nameif dmz).

 

 

i think the log you see is someone from outside try to access inside. but the firewall block the connection as said earlier it act as a statefull firewall.   

please do not forget to rate.

View solution in original post

4 Replies 4

Go to solution
Sheraz.Salim
VIP
VIP

‎09-11-2019 08:01 AM

if your client was as inside domain (nameif inside) in that case ASA act as a statefull firewall means outside connection coming to inside will be block and log in syslogs. unless you have define a access-list on outside interface to let the outside traffic coming in. 

same apply for the DMZ (nameif dmz).

 

 

i think the log you see is someone from outside try to access inside. but the firewall block the connection as said earlier it act as a statefull firewall.   

please do not forget to rate.

Go to solution
giridar
Level 1
Level 1
In response to Sheraz.Salim

‎09-11-2019 09:59 PM

Hi Sheraz,

 

 Thanks a lot for clarifying on this and I am relieved now

 

But noticed that this event had deleted few logs on the firewall 

any idea on this

0 Helpful

Go to solution
Sheraz.Salim
VIP
VIP
In response to giridar

‎09-12-2019 12:45 AM

by default as does not keep the logs unless you off load them on the syslog server. if you need to do so follow this link 

https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html

please do not forget to rate.

Go to solution
giridar
Level 1
Level 1
In response to Sheraz.Salim

‎09-12-2019 01:13 AM

thank you

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card