ASA 5540 strange TCP connection establishment

Hello there, I've got a really strange issue with an ASA 5540 active/standby cluster (actually with the active ASA). Let's say there are inside and outside interfaces. Host 10.20.60.16 is behind the inside interface and it successfully establishes a TCP connection with host 10.20.46.25, which is actually a remote VPN client terminated on the outside interface. Everything works fine, the ASA generated logs about successful TCP build/teardown of the connection; however, the ASA generated additional logs indicating that the same connection establishment attempt was detected on the outside!! interface. Please refer to the log below or download the .doc file attached. I'll be glad to read your ideas about the issue.

Apr 5, 2013 10:35:57 AM EEST

<164>Apr 05 2013 09:36:32: %ASA-4-106023: Deny tcp src outside:10.20.60.16/41031 dst outside:10.20.46.25/3400   by access-group "outside_access_in-2" [0xb17077f4, 0x0]

Apr 5, 2013 10:35:57   AM EEST

<166>Apr 05 2013 09:36:32: %ASA-6-302013: Built inbound TCP connection   3060387131 for inside:10.20.60.16/41031   (10.20.60.16/41031) to outside:   10.20.46.25/3400 (10.20.46.25/3400)

Apr 5, 2013 10:36:00 AM EEST

<164>Apr 05 2013 09:36:35: %ASA-4-106023: Deny tcp src outside:10.20.60.16/41031 dst outside: 10.20.46.25/3400   by access-group " outside _access_in-2" [0xb17077f4, 0x0]

Apr 5, 2013 10:36:06 AM EEST

<164>Apr 05 2013 09:36:41: %ASA-4-106023: Deny tcp src outside:10.20.60.16/41031 dst outside: 10.20.46.25/3400   by access-group " outside _access_in-2" [0xb17077f4, 0x0]

Apr 5, 2013 10:36:18 AM EEST

<164>Apr 05 2013 09:36:53: %ASA-4-106023: Deny tcp src outside:10.20.60.16/41031 dst outside: 10.20.46.25/3400   by access-group " outside _access_in-2" [0xb17077f4, 0x0]

Apr 5, 2013 10:36:27 AM EEST

<166>Apr 05 2013 09:37:02: %ASA-6-302014: Teardown TCP connection 3060387131   for inside:10.20.60.16/41031 to gate: 10.20.46.25/3400 duration   0:00:30 bytes 0 SYN Timeout

Apr 5, 2013 10:36:42 AM EEST

<164>Apr 05 2013 09:37:17: %ASA-4-106023: Deny tcp src outside:10.20.60.16/41031 dst outside: 10.20.46.25/3400   by access-group " outside _access_in-2" [0xb17077f4, 0x0]

Regards,

Alex
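One way to check the pattern described in the post across a larger log, as an added example that is not part of the original post or of any Cisco tooling: the script groups `%ASA-6-302013` and `%ASA-4-106023` events by flow, reports flows that were built on one ingress interface but denied on another, and lists the gaps between the repeated denies. The sample lines are copied from the post with whitespace collapsed; the function name, regexes and report layout are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied from the post above (syslog priority prefix dropped, whitespace collapsed).
SAMPLE = """\
Apr 05 2013 09:36:32: %ASA-4-106023: Deny tcp src outside:10.20.60.16/41031 dst outside:10.20.46.25/3400 by access-group "outside_access_in-2" [0xb17077f4, 0x0]
Apr 05 2013 09:36:32: %ASA-6-302013: Built inbound TCP connection 3060387131 for inside:10.20.60.16/41031 (10.20.60.16/41031) to outside: 10.20.46.25/3400 (10.20.46.25/3400)
Apr 05 2013 09:36:35: %ASA-4-106023: Deny tcp src outside:10.20.60.16/41031 dst outside: 10.20.46.25/3400 by access-group " outside _access_in-2" [0xb17077f4, 0x0]
Apr 05 2013 09:36:41: %ASA-4-106023: Deny tcp src outside:10.20.60.16/41031 dst outside: 10.20.46.25/3400 by access-group " outside _access_in-2" [0xb17077f4, 0x0]
Apr 05 2013 09:36:53: %ASA-4-106023: Deny tcp src outside:10.20.60.16/41031 dst outside: 10.20.46.25/3400 by access-group " outside _access_in-2" [0xb17077f4, 0x0]
Apr 05 2013 09:37:17: %ASA-4-106023: Deny tcp src outside:10.20.60.16/41031 dst outside: 10.20.46.25/3400 by access-group " outside _access_in-2" [0xb17077f4, 0x0]
"""

TS = r"(\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}): "
EP = r"(\w+):\s*([\d.]+)/(\d+)"  # interface:ip/port, tolerating a space after the colon
DENY = re.compile(TS + r"%ASA-4-106023: Deny tcp src " + EP + r" dst " + EP)
BUILT = re.compile(TS + r"%ASA-6-302013: Built \w+ TCP connection (\d+) for "
                   + EP + r" \([^)]*\) to " + EP)

def correlate(text):
    """Return flows built on one source interface but denied on a different one."""
    flows = defaultdict(lambda: {"built": [], "denied": []})
    for raw in text.splitlines():
        line = " ".join(raw.split())  # collapse the irregular spacing seen in pasted logs
        m = BUILT.search(line)
        if m:
            ts, _conn, sif, sip, sport, _dif, dip, dport = m.groups()
            kind = "built"
        else:
            m = DENY.search(line)
            if not m:
                continue  # other message IDs (e.g. teardown) are ignored here
            ts, sif, sip, sport, _dif, dip, dport = m.groups()
            kind = "denied"
        when = datetime.strptime(ts, "%b %d %Y %H:%M:%S")
        flows[(sip, sport, dip, dport)][kind].append((when, sif))
    report = {}
    for flow, ev in flows.items():
        built_on = {i for _, i in ev["built"]}
        denied_on = {i for _, i in ev["denied"]}
        if built_on and denied_on - built_on:
            times = sorted(t for t, _ in ev["denied"])
            gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
            report[flow] = {"built_on": built_on, "denied_on": denied_on, "deny_gaps_s": gaps}
    return report

if __name__ == "__main__":
    for flow, info in correlate(SAMPLE).items():
        print(flow, info)
```

The doubling gaps between denies can be compared with a sender's TCP SYN retransmission backoff to judge whether each deny is a retransmission of the same SYN.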
