
ASA reset-I and reset-O

Lewis Quin
Level 1

Hi there, 

I have a couple of questions regarding Reset-I and Reset-O messages on the Cisco ASA. I read a document that Reset-I will appear on the ASA if the inside host resets the connection, but what denotes an 'Inside' host? Is the inside host determined based on the context of the connection? For example, if a host on the internet initiated a connection to a host in the DMZ, and the internet host sent the reset, would this be logged as a 'Reset-I' because, although the host was on the internet, it was the side initiating the connection?

Also, the same document said that the reset was sent to the ASA as an indication to drop the connection, but the hosts wouldn't know about the ASA, so isn't the reset actually sent to the host with which they are communicating?

Last question: what would actually cause a connection to be reset, as it says resets are sent after the TCP connection has been established?


Vibhor Amrodia
Cisco Employee

Hi,

It is actually on the basis of the security level. If the reset is sent from the higher security level, then it will be "RESET-I", and if from the lower level, "RESET-O".

I think if you go through this document and the command, you would understand the behavior of the ASA sending the resets.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/S/cmdref3/s1.html#pgfId-1452931

Thanks and Regards,

Vibhor Amrodia
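
The security-level rule from the reply above, applied to TCP teardown log lines to work out which endpoint sent each reset, including the internet-to-DMZ case from the question. This is an added example, not code from the thread or from Cisco; the interface names, security levels and log lines are constructed, and the regex assumes IPv4 endpoints in the ASA 302014 teardown message.

```python
import re
from collections import Counter

# Constructed interface names and security levels (assumptions, not from the thread).
SECURITY_LEVEL = {"inside": 100, "dmz": 50, "outside": 0}

# Constructed sample lines in the ASA 302014 TCP teardown syslog format.
SAMPLE_LOG = """\
%ASA-6-302014: Teardown TCP connection 1001 for outside:198.51.100.7/51515 to dmz:192.0.2.10/443 duration 0:00:12 bytes 5120 TCP Reset-O
%ASA-6-302014: Teardown TCP connection 1002 for outside:198.51.100.7/51600 to dmz:192.0.2.10/443 duration 0:00:03 bytes 840 TCP Reset-I
%ASA-6-302014: Teardown TCP connection 1003 for dmz:192.0.2.10/40000 to inside:10.0.0.5/1433 duration 0:01:00 bytes 9000 TCP Reset-O
%ASA-6-302014: Teardown TCP connection 1004 for outside:198.51.100.9/40211 to inside:10.0.0.5/22 duration 0:00:30 bytes 2048 TCP FINs
"""

# Captures both endpoints and the I/O suffix of a reset teardown; other reasons do not match.
TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (?P<id>\d+) for "
    r"(?P<if1>[\w-]+):(?P<ip1>[\d.]+)/\d+.*? to "
    r"(?P<if2>[\w-]+):(?P<ip2>[\d.]+)/\d+.*?TCP Reset-(?P<side>[IO])\b"
)

def reset_sender(line, levels=SECURITY_LEVEL):
    """Return the endpoint that sent the reset, or None if the line does not decide it."""
    m = TEARDOWN.search(line)
    if not m:
        return None  # not a Reset-I / Reset-O teardown
    ends = [(m["if1"], m["ip1"]), (m["if2"], m["ip2"])]
    try:
        ends.sort(key=lambda e: levels[e[0]])  # lower security level first
    except KeyError:
        return None  # interface missing from the level map
    lower, higher = ends
    if levels[lower[0]] == levels[higher[0]]:
        return None  # equal levels: the rule cannot tell the two sides apart
    # Reset-I: sent from the higher security level; Reset-O: from the lower one.
    iface, host = higher if m["side"] == "I" else lower
    return {"conn": int(m["id"]), "flag": "Reset-" + m["side"],
            "interface": iface, "host": host}

def resets_by_host(log_text):
    """Count resets per (interface, host) that sent them."""
    hits = filter(None, map(reset_sender, log_text.splitlines()))
    return Counter((h["interface"], h["host"]) for h in hits)

if __name__ == "__main__":
    for key, count in resets_by_host(SAMPLE_LOG).most_common():
        print(key, count)
```

Connection 1001 is the question's scenario: the connection comes from the internet to the DMZ, and a reset from the internet host is logged as Reset-O because `outside` has the lower security level, regardless of which side opened the connection.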
