Getting 'Deny TCP (no connection)' after session Teardown

jnaglich
Level 1

I've been having a problem with getting microsoft-ds (445/tcp) connectivity between servers at two different sites. It looks like the routing and the firewall rules are set up to allow the traffic, but when I attempt to connect, I'm getting the following behavior:

 

May 12 14:42:54 myfw %ASA-6-302013: Built inbound TCP connection 225654645 for lab-transit:10.25.240.36/62318 (10.25.240.36/62318) to transit:10.70.10.53/445 (10.70.10.53/445)
May 12 14:43:14 myfw %ASA-6-302014: Teardown TCP connection 225654645 for lab-transit:10.25.240.36/62318 to transit:10.70.10.53/445 duration 0:00:19 bytes 4094 TCP Reset-I
May 12 14:43:14 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK  on interface lab-transit
May 12 14:43:25 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK  on interface lab-transit
May 12 14:43:26 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK  on interface lab-transit
May 12 14:43:27 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK  on interface lab-transit
May 12 14:43:28 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK  on interface lab-transit
May 12 14:43:29 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK  on interface lab-transit
May 12 14:43:30 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK  on interface lab-transit
May 12 14:43:31 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK  on interface lab-transit
May 12 14:43:32 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK  on interface lab-transit
May 12 14:43:33 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK  on interface lab-transit
May 12 14:43:34 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK  on interface lab-transit
May 12 14:43:35 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags RST ACK  on interface lab-transit

 

The time between build and teardown is consistently 19 seconds and this pattern keeps repeating. Has anyone seen this before?

2 Replies

JEFF SPRADLING
Level 1

I'd set up captures on the transit and lab-transit interfaces and review both of them in Wireshark. The reset is coming from one side or the other, not from the firewall. Once you determine which one is sending the reset, you can look deeper into that server to find out why.

Hi,

To add to Jeff's comment, once you know why the initial reply is a RESET, these "no connection" syslogs would go away.

This is because the other end is still trying to send data even though the connection has been removed after the RESET was received on the ASA device.

Notice the same source port in the RESET log and the no connection log. I think this is the probable issue; try to find the reason for the RESET and that should resolve the issue.

Thanks and Regards,

Vibhor Amrodia
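
The correlation the replies describe, as an added example (not part of the original thread and not a Cisco tool): it parses the 302014 teardown and 106015 deny messages and groups each deny under the torn-down flow with the same endpoints, so the teardown reason and the late packets can be read together. The function name is hypothetical and the sample reuses four of the log lines from the question.

```python
import re

# Constructed sample: four of the syslog lines quoted in the question.
SAMPLE = """\
May 12 14:42:54 myfw %ASA-6-302013: Built inbound TCP connection 225654645 for lab-transit:10.25.240.36/62318 (10.25.240.36/62318) to transit:10.70.10.53/445 (10.70.10.53/445)
May 12 14:43:14 myfw %ASA-6-302014: Teardown TCP connection 225654645 for lab-transit:10.25.240.36/62318 to transit:10.70.10.53/445 duration 0:00:19 bytes 4094 TCP Reset-I
May 12 14:43:14 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK  on interface lab-transit
May 12 14:43:35 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags RST ACK  on interface lab-transit
"""

TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (?P<id>\d+) for "
    r"\S+?:(?P<a>[\d.]+/\d+) to \S+?:(?P<b>[\d.]+/\d+) "
    r"duration (?P<dur>\S+) bytes (?P<bytes>\d+) (?P<reason>.+)$")
DENY = re.compile(
    r"%ASA-6-106015: Deny TCP \(no connection\) from (?P<src>[\d.]+/\d+) "
    r"to (?P<dst>[\d.]+/\d+) flags (?P<flags>.+?)\s+on interface (?P<ifc>\S+)")


def correlate(text):
    """Attach each 106015 deny to the torn-down flow with the same endpoints.

    Returns (flows, orphans): flows is a list of dicts, one per teardown seen;
    orphans are deny lines with no earlier teardown for that endpoint pair.
    """
    flows = {}    # frozenset of both ip/port endpoints -> flow summary
    orphans = []
    for line in text.splitlines():
        if m := TEARDOWN.search(line):
            # Direction-independent key: denies may arrive from either side.
            key = frozenset((m["a"], m["b"]))
            flows[key] = {"conn_id": m["id"], "duration": m["dur"],
                          "reason": m["reason"].strip(), "denies": []}
        elif m := DENY.search(line):
            key = frozenset((m["src"], m["dst"]))
            if key in flows:
                flows[key]["denies"].append((m["src"], m["flags"], m["ifc"]))
            else:
                orphans.append(line)
    return list(flows.values()), orphans


if __name__ == "__main__":
    for flow in correlate(SAMPLE)[0]:
        print(flow["conn_id"], flow["reason"], flow["duration"],
              f"{len(flow['denies'])} packets after teardown")
```

The teardown reason (here `TCP Reset-I`) is the ASA's own record of which side sent the reset, which narrows down where to point the packet captures.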
