05-12-2015 07:49 AM - edited 03-11-2019 10:55 PM
I've been having a problem with getting microsoft-ds (445/tcp) connectivity between servers at two different sites. It looks like the routing and the firewall rules are set up to allow the traffic, but when I attempt to connect, I'm getting the following behavior:
May 12 14:42:54 myfw %ASA-6-302013: Built inbound TCP connection 225654645 for lab-transit:10.25.240.36/62318 (10.25.240.36/62318) to transit:10.70.10.53/445 (10.70.10.53/445)
May 12 14:43:14 myfw %ASA-6-302014: Teardown TCP connection 225654645 for lab-transit:10.25.240.36/62318 to transit:10.70.10.53/445 duration 0:00:19 bytes 4094 TCP Reset-I
May 12 14:43:14 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK on interface lab-transit
May 12 14:43:25 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK on interface lab-transit
May 12 14:43:26 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK on interface lab-transit
May 12 14:43:27 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK on interface lab-transit
May 12 14:43:28 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK on interface lab-transit
May 12 14:43:29 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK on interface lab-transit
May 12 14:43:30 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK on interface lab-transit
May 12 14:43:31 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK on interface lab-transit
May 12 14:43:32 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK on interface lab-transit
May 12 14:43:33 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK on interface lab-transit
May 12 14:43:34 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK on interface lab-transit
May 12 14:43:35 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags RST ACK on interface lab-transit
The time between build and teardown is consistently 19 seconds and this pattern keeps repeating. Has anyone seen this before?
05-12-2015 10:46 AM
I'd set up captures on the transit and lab-transit interfaces and review both of them in Wireshark. The reset is coming from one side or the other, not from the firewall. Once you determine which one is sending the reset, you can look deeper into that server to find out why.
05-13-2015 10:47 PM
Hi,
To add to Jeff's comment, once you know why the initial reply is a RESET, these no-connection syslogs would go away.
The other end is still trying to send data even though the connection has been removed after the RESET is received on the ASA device.
Notice the same source port for the RESET log and the no-connection log. I think this is the probable issue; try to find the reason for the RESET and that should resolve the issue.
Thanks and Regards,
Vibhor Amrodia
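The correlation described in the replies above (the same source port in the reset teardown and in the no-connection denies), as an added example that is not part of the original thread. The function names `correlate` and `summarize` are hypothetical, and the sample input is four lines copied from the log in the question.

```python
import re

# Four lines copied from the log posted in the question (build, teardown, two denies).
SAMPLE = """\
May 12 14:42:54 myfw %ASA-6-302013: Built inbound TCP connection 225654645 for lab-transit:10.25.240.36/62318 (10.25.240.36/62318) to transit:10.70.10.53/445 (10.70.10.53/445)
May 12 14:43:14 myfw %ASA-6-302014: Teardown TCP connection 225654645 for lab-transit:10.25.240.36/62318 to transit:10.70.10.53/445 duration 0:00:19 bytes 4094 TCP Reset-I
May 12 14:43:14 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags ACK on interface lab-transit
May 12 14:43:35 myfw %ASA-6-106015: Deny TCP (no connection) from 10.25.240.36/62318 to 10.70.10.53/445 flags RST ACK on interface lab-transit
"""

# 302014 carries the connection id, both endpoints and the teardown reason.
TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (?P<id>\d+) for "
    r"(?P<if_a>[^:\s]+):(?P<a>\S+) to (?P<if_b>[^:\s]+):(?P<b>\S+) "
    r"duration (?P<dur>\S+) bytes (?P<bytes>\d+) (?P<reason>.+)$")
# 106015 has no connection id, so it can only be matched by address/port pair.
DENY = re.compile(
    r"%ASA-6-106015: Deny TCP \(no connection\) from (?P<src>\S+) "
    r"to (?P<dst>\S+) flags (?P<flags>.+) on interface (?P<iface>\S+)$")

def correlate(text):
    """Attach each 106015 deny to the earlier teardown of the same flow."""
    flows, orphans = {}, []
    for line in text.splitlines():
        if m := TEARDOWN.search(line):
            # Key on the unordered endpoint pair so either direction matches.
            flows[frozenset((m["a"], m["b"]))] = dict(m.groupdict(), denies=[])
        elif m := DENY.search(line):
            rec = flows.get(frozenset((m["src"], m["dst"])))
            if rec is None:
                orphans.append(line)  # deny with no teardown seen before it
            else:
                rec["denies"].append((m["src"], m["flags"], m["iface"]))
    return list(flows.values()), orphans

def summarize(text):
    """Per torn-down flow: (id, reason, late-packet count, who kept sending)."""
    flows, _ = correlate(text)
    return [(f["id"], f["reason"], len(f["denies"]),
             sorted({d[0] for d in f["denies"]})) for f in flows]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

Denies that land in `orphans` have no preceding teardown in the log window and are worth checking separately, since they do not fit the pattern discussed in this thread.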