09-11-2019 11:00 PM
Hello,
<164>Sep 03 2019 13:43:18: %ASA-4-106023: Deny tcp src Inside: x/3031 dst Outside:x/135 by access-group "Inside_access_in" [0x0, 0x0]
<164>Sep 03 2019 13:43:18: %ASA-4-106023: Deny tcp src Inside: x/3031 dst Outside:x/135 by access-group "Inside_access_in" [0x0, 0x0]
<164>Sep 03 2019 13:43:17: %ASA-4-106023: Deny tcp src Inside: x/3031 dst Outside:x/135 by access-group "Inside_access_in" [0x0, 0x0]
I get three packets before the source port changes. Could you please help me understand why three packets are being sent with the same source port?
09-12-2019 12:37 AM
Looking into the above logs.
The flow of traffic is coming in as:
---------Inside-------------ASA-FW----------Outside
Inside_access_in
You have defined inside_access_in on the inside interface as inbound. Now, on this access list, TCP port 3031 is denied unless you define a rule to allow TCP port 3031. This is your problem.
The reason you see the same packet is that the firewall denies the SYN packet coming from the server/PC, but the PC/server sends it again. You also need to check your asp-drop.
However, the best option is to allow the rule.
09-16-2019 02:43 AM
OK, but still, why 3 SYN packets with the same source port?
09-16-2019 03:47 AM
OK, but still, why 3 SYN packets with the same source port?
Because the client server/PC is sending a SYN to start communicating, and the firewall is blocking it and dropping the request. So the client server/PC has no idea; that is why it keeps sending the SYN.
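An added example, not part of the original posts: one way to check the explanation above is to group the `%ASA-4-106023` denies by flow, so that repeated denies with an identical source port show up as one connection attempt being retried rather than as separate attempts. The sample lines, the documentation-range addresses and the function names `group_denies` and `summarize` are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format shown in the thread. The addresses are
# documentation-range placeholders, not values from the original post.
SAMPLE_LOG = """\
<164>Sep 03 2019 13:43:17: %ASA-4-106023: Deny tcp src Inside:192.0.2.10/3031 dst Outside:198.51.100.5/135 by access-group "Inside_access_in" [0x0, 0x0]
<164>Sep 03 2019 13:43:18: %ASA-4-106023: Deny tcp src Inside:192.0.2.10/3031 dst Outside:198.51.100.5/135 by access-group "Inside_access_in" [0x0, 0x0]
<164>Sep 03 2019 13:43:18: %ASA-4-106023: Deny tcp src Inside:192.0.2.10/3031 dst Outside:198.51.100.5/135 by access-group "Inside_access_in" [0x0, 0x0]
<164>Sep 03 2019 13:43:20: %ASA-4-106023: Deny tcp src Inside:192.0.2.10/3032 dst Outside:198.51.100.5/135 by access-group "Inside_access_in" [0x0, 0x0]
<164>Sep 03 2019 13:43:21: some unrelated line that must be skipped
"""

# TCP/UDP form of message 106023; whitespace after "Interface:" is tolerated
# because the lines quoted in the thread contain it.
DENY_RE = re.compile(
    r"^<\d+>(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}): %ASA-4-106023: "
    r"Deny (?P<proto>\S+) src (?P<sif>[^:\s]+):\s*(?P<sip>[^/\s]+)/(?P<sport>\d+) "
    r"dst (?P<dif>[^:\s]+):\s*(?P<dip>[^/\s]+)/(?P<dport>\d+) "
    r'by access-group "(?P<acl>[^"]+)"'
)

def group_denies(text):
    """Map each denied flow (protocol, both endpoints, ACL) to its timestamps."""
    flows = defaultdict(list)
    for line in text.splitlines():
        m = DENY_RE.match(line.strip())
        if not m:
            continue  # not a TCP/UDP 106023 deny
        key = (m["proto"], m["sif"], m["sip"], int(m["sport"]),
               m["dif"], m["dip"], int(m["dport"]), m["acl"])
        flows[key].append(datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S"))
    return flows

def summarize(text):
    """One row per flow: deny count, seconds between first and last deny."""
    rows = []
    for key, stamps in group_denies(text).items():
        stamps.sort()
        rows.append({
            "flow": key,
            "denies": len(stamps),
            "span_s": (stamps[-1] - stamps[0]).total_seconds(),
            # Same source port denied more than once: the same attempt retried.
            "repeated": len(stamps) > 1,
        })
    return sorted(rows, key=lambda r: r["flow"])

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

A flow whose deny count is greater than one matches the pattern in the question: the same source and destination ports denied several times before a new source port appears.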