Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
347
Views
0
Helpful
1
Replies

ASA seems to close connection to Messagelabs proxy

Marcel Nobel
Level 1
Level 1

‎12-16-2014 02:29 AM - last edited on ‎03-25-2019 05:54 PM by Community Manager

Hi,

We use a Cisco ASA. We use an external proxy server from Messagelabs (Symantec). Our clients are configured to use this proxy server. Since a few weeks we are having problems downloading large files. When we talked to Messagelabs about this the confirmed the changed something in their configuration. They now first download the complete file and scan it. During the download at messagelabs it seems the ASA closes the connection. In the log I see the following:

Deny TCP (no connection) from 85.158.139.102/3128 to NIC-Public/21121 flags PSH ACK  on interface outside

Does anybody know what I change on the ASA to make this work?

 

Best Regards, Marcel

Labels:
0 Helpful
1 Reply 1

Vibhor Amrodia
Cisco Employee
Cisco Employee

‎12-17-2014 03:39 AM

Hi,

So as this Syslog might show you as well , would mean that when this PSH ACK is received on the ASA device , it does not have any established connections for the IP addresses and hence drops it.

Now , that can be because of various reasons , like possible asymmetric routing , connection timeouts etc.

I think to get to the bottom of this issue , you would need to trace the file transfer and see why this connection is being dropped in the first place.

Thanks and Regards,

Vibhor Amrodia

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card