
ASA 5505 TCP Reset-0

Shane Riley
Level 1

Hey folks,

Having a bit of an issue; I am troubleshooting a problem.

I have 2 interfaces on the ASA.

  1. Inside (192.168.190.0/24)
  2. Guest (10.10.10.0/24)

I can ping the server on the Inside interface (192.168.190.27) from the Guest interface, but when I try to access the server with HTTP/HTTPS, no access there.

The server is a Windows Server 2008. I tried turning off the firewall but that didn't help.

I did a netstat on the server and for some reason the handshake is stuck in SYN-received state.

I have been monitoring the log on the ASDM, see pic: RST.png

It's a bunch of RST packets with TCP reset-0. What can be the cause of this?

Good to know information

ASA Version: 8.0(4)

Model: 5505

Inside Interface:

Security level 100

Vlan1

Guest Interface:

Security Level 40

vlan23

I did a packet trace and the packet should be allowed..

So any tips and tricks

Thanks

Shane

2 Replies

Jouni Forss
VIP Alumni

Hi,

To my understanding the TCP Reset-O refers to a situation where the host behind the interface with the lower "security-level" Reset the TCP connection.

In this case it would mean that the host connecting to the server does the TCP Reset. I am not quite sure why it would do this. More typical to see the server do the TCP Reset.

Have you tested the connection from any other host or behind any other interface?

- Jouni

Anas Hijjawi
Level 1

Cisco definition for this message:

The security appliance discarded a TCP packet that has no associated connection in the security appliance connection table. The security appliance looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is not an existing connection, the security appliance discards the packet.

Recommended Action: None required unless the security appliance receives a large volume of these invalid TCP packets. If this is the case, trace the packets to the source and determine the reason these packets were sent.

I believe you need to verify the source is sending valid packets.

Thanks, Anas *--* Please rate the useful post,its free ;) *--*
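
An added example, not part of the thread or of Cisco's documentation: the recommended action quoted above is to trace the packets to their source, and one way to do that is to tally teardown reasons and "no connection" drops per host from exported ASA syslog. The message IDs 302014 and 106015, the regular expressions and the sample lines are assumptions, constructed in the usual ASA syslog layout rather than taken from the poster's ASDM log.

```python
import re
from collections import Counter

# Constructed sample lines in the usual ASA syslog layout (not from the thread).
SAMPLE_LOG = """\
%ASA-6-302014: Teardown TCP connection 4101 for Guest:10.10.10.5/51000 to Inside:192.168.190.27/80 duration 0:00:00 bytes 0 TCP Reset-O
%ASA-6-106015: Deny TCP (no connection) from 10.10.10.5/51000 to 192.168.190.27/80 flags RST on interface Guest
%ASA-6-302014: Teardown TCP connection 4102 for Guest:10.10.10.5/51001 to Inside:192.168.190.27/443 duration 0:00:00 bytes 0 TCP Reset-O
%ASA-6-302014: Teardown TCP connection 4103 for Guest:10.10.10.9/40000 to Inside:192.168.190.27/80 duration 0:00:30 bytes 0 SYN Timeout
%ASA-6-106015: Deny TCP (no connection) from 192.168.190.27/443 to 10.10.10.5/51001 flags SYN ACK on interface Inside
"""

# Assumed formats: 302014 = connection teardown, 106015 = TCP packet with no connection.
TEARDOWN = re.compile(
    r"%ASA-\d-302014: Teardown TCP connection \d+ for "
    r"[^:\s]+:(?P<src>[\d.]+)/\d+ to "
    r"[^:\s]+:(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"duration \S+ bytes \d+ (?P<reason>.+?)\s*$")
NO_CONN = re.compile(
    r"%ASA-\d-106015: Deny TCP \(no connection\) from (?P<src>[\d.]+)/\d+ to "
    r"[\d.]+/\d+ flags (?P<flags>.+?) on interface (?P<ifc>\S+)")

def summarize(log_text):
    """Return (teardown reasons per flow, no-connection drops per sender)."""
    teardowns, strays = Counter(), Counter()
    for line in log_text.splitlines():
        m = TEARDOWN.search(line)
        if m:
            teardowns[(m["src"], m["dst"], int(m["dport"]), m["reason"])] += 1
            continue
        m = NO_CONN.search(line)
        if m:
            strays[(m["src"], m["flags"], m["ifc"])] += 1
    return teardowns, strays

def reset_flows(teardowns, reason="TCP Reset-O"):
    """Host pairs torn down with the given reason, most frequent first."""
    hits = Counter()
    for (src, dst, _dport, why), n in teardowns.items():
        if why == reason:
            hits[(src, dst)] += n
    return hits.most_common()

if __name__ == "__main__":
    td, st = summarize(SAMPLE_LOG)
    print("Reset-O flows:", reset_flows(td))
    print("No-connection drops by (sender, flags, interface):", dict(st))
```
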