Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
678
Views
0
Helpful
1
Replies

ASA 5510 Message 6-106100 Problems

Natalia Woloseckyj
Level 1
Level 1

‎03-12-2012 05:02 AM - edited ‎03-11-2019 03:40 PM

Recently a system within multiple virtual DMZ's under the same firewall (ASA) are producing a message which I would like some clarification to.

Error 6-106100 is Deny TCP (no connection) from xxx/12502 to xxx/32991 flags FIN ACK on interface xxx

I'm assumming that the SYN and SYN ACK are managing to get through as my error logs don't show this, but the FIN ACK's dont?

Could this be caused by a layer 7 timeout issue (application) or could this be the cause of a timeout issue on the ASA?

I'd like to know how best to troubleshoot this, if anyone can assist?

Thanks,

Natalia

Labels:
0 Helpful
1 Reply 1

Natalia Woloseckyj
Level 1
Level 1

‎03-13-2012 02:14 AM

Can anyone help? I have a feeling that the application that is trying to complete the TCP handshake is sending the final FIN ACK packet on a different session. I know this happens with H323 ansd you use the fixup command on the ASA.

Would a similar thing be needed for this situation, or is this an application layer issue?

Thanks,

Natalia

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card