ASA 5520 causing sender timeouts on smtp server

ventivcisco · ‎06-18-2008

We have a new 5520 in place that is causing problems with some inbound email to us from the internet. It is casuing a "sender timeout" message on the Barracuda spam firewall.

I was able to correlate the following messages from the log with the sender timeouts. It appears that the ASA is denying the traffic after the intial connection.

Here are a couple of log messages. It starts out with the ASA tearing down the connection and then denying the next packet in.

1. Teardown TCP connection 67287318 for outside:82.x.y.z/2793 to inside:10.a.b.c/25 duration 0:00:01 bytes 187 TCP FINs

2. Deny TCP (no connection) from 82.x.y.z/2793 to 63.a.b.c/25 flags FIN ACK on interface outside

Thanks

hadbou · ‎06-24-2008

1)The error message "Teardown TCP connection" states that A TCP connection between two hosts was deleted.

refer the following url for more information on the error message"Teardown TCP connection":

http://www.cisco.com/en/US/docs/security/asa/asa81/system/message/81logmsg.html#wp4770614

2)Error Message %ASA-6-106015: Deny TCP (no connection) from IP_address/port to IP_address/port flags tcp_flags on interface interface_name.

Explanation: The security appliance discarded a TCP packet that has no associated connection in the security appliance connection table. The security appliance looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is not an existing connection, the security appliance discards the packet.

Recommended Action: None required unless the security appliance receives a large volume of these invalid TCP packets. If this is the case, trace the packets to the source and determine the reason these packets were sent.