ASA Unexpected 106001 "Inbound TCP connection denied .."

lopsystems
Level 1

Hello,

I've just installed a Cisco ASA 5505 firewall, with a very basic setup. Everything works fine, except it's logging a number of unexpected 106001 messages "Inbound TCP connection denied from ..." during normal web browsing.

It looks as though the ASA tears down the TCP connection, and then afterwards receives more inbound traffic from the connection. For example:

6|Nov 30 2010|18:18:01|302014|209.85.143.104|80|192.168.1.31|2286|Teardown TCP connection 4046 for outside:209.85.143.104/80 to inside:192.168.1.31/2286 duration 0:00:00 bytes 10790 TCP Reset-I

2|Nov 30 2010|18:18:01|106001|209.85.143.104|80|192.168.1.31|2286|Inbound TCP connection denied from 209.85.143.104/80 to 192.168.1.31/2286 flags PSH ACK  on interface outside

I don't get anything like this on my old PIX 501.

I'm tempted to just set the ASA to stop logging this 106001 message, or at least set the severity down from critical to informational.

Am I missing something? Is there some parameter I should change to stop the ASA closing the connection too quickly? Or is stopping logging the best approach?

Thanks

1 Reply

Hi,

I'm not sure if everything is configured correctly, but it could be a normal situation.

This is the error explanation:

%ASA-2-106001: Inbound TCP connection denied from IP_address/port to IP_address/port flags tcp_flags on interface interface_name

An attempt to connect to an inside address was denied by the security policy that is defined for the specified traffic type. The IP address displayed is the real IP address instead of the IP address that appears through NAT. Possible tcp_flags values correspond to the flags in the TCP header that were present when the connection was denied. For example, a TCP packet arrived for which no connection state exists in the adaptive security appliance, and it was dropped. The tcp_flags in this packet are FIN and ACK.

The tcp_flags are as follows:

  • ACK--The acknowledgment number was received
  • FIN--Data was sent
  • PSH--The receiver passed data to the application
  • RST--The connection was reset
  • SYN--Sequence numbers were synchronized to start a connection
  • URG--The urgent pointer was declared valid


  • Recommended Action: None required.

Related documents: No specific documents apply to this error message.

Federico.
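The teardown/denial pair in the question is the pattern to look for when deciding whether 106001 is noise: a 106001 for a flow that the ASA tore down (302014) a moment earlier is a straggler packet from the old session, while a 106001 carrying a bare SYN, or with no recent teardown of that flow, is a genuine inbound attempt that deserves a look. The script below is an added example written for this thread; it is not code from the original post, from Federico, or from Cisco. It parses the pipe-delimited log export exactly as it was pasted above (severity|date|time|message-id|src|sport|dst|dport|text) and correlates the two message types. The two-second window, the sample lines beyond the thread's own pair, and the verdict names are assumptions made for illustration.

```python
"""Correlate ASA 106001 'Inbound TCP connection denied' events with a
preceding 302014 teardown of the same flow, to separate post-teardown
straggler packets from denials worth investigating.

Added example for the thread above; not Cisco's or the poster's code.
"""
import re
from datetime import datetime, timedelta

# Constructed sample in the pipe-delimited export format pasted in the thread.
# Lines 1 and 2 are the thread's own pair; the rest are made up here to
# exercise the other branches (bare SYN with no session, stale teardown).
SAMPLE_LOG = """\
6|Nov 30 2010|18:18:01|302014|209.85.143.104|80|192.168.1.31|2286|Teardown TCP connection 4046 for outside:209.85.143.104/80 to inside:192.168.1.31/2286 duration 0:00:00 bytes 10790 TCP Reset-I
2|Nov 30 2010|18:18:01|106001|209.85.143.104|80|192.168.1.31|2286|Inbound TCP connection denied from 209.85.143.104/80 to 192.168.1.31/2286 flags PSH ACK  on interface outside
2|Nov 30 2010|18:18:05|106001|198.51.100.7|4444|192.168.1.31|3389|Inbound TCP connection denied from 198.51.100.7/4444 to 192.168.1.31/3389 flags SYN  on interface outside
6|Nov 30 2010|18:10:00|302014|203.0.113.9|443|192.168.1.31|2290|Teardown TCP connection 4050 for outside:203.0.113.9/443 to inside:192.168.1.31/2290 duration 0:01:10 bytes 5000 TCP FINs
2|Nov 30 2010|18:18:09|106001|203.0.113.9|443|192.168.1.31|2290|Inbound TCP connection denied from 203.0.113.9/443 to 192.168.1.31/2290 flags FIN ACK  on interface outside
"""

# "flags PSH ACK  on interface outside" -> flag list and interface name.
FLAGS_RE = re.compile(r"flags (.+?)\s+on interface (\S+)")

# Assumption: a denial this soon after a teardown of the same 4-tuple is
# a late packet from the old session, not a new connection attempt.
STRAGGLER_WINDOW = timedelta(seconds=2)


def parse_line(line):
    """Split one exported log line into a dict keyed on the flow 4-tuple."""
    sev, date, time_, msg_id, src, sport, dst, dport, text = line.split("|", 8)
    ts = datetime.strptime(f"{date} {time_}", "%b %d %Y %H:%M:%S")
    return {
        "ts": ts,
        "sev": int(sev),
        "id": msg_id,
        "flow": (src, int(sport), dst, int(dport)),
        "text": text,
    }


def classify_denials(log_text, window=STRAGGLER_WINDOW):
    """Return (timestamp, flow, flags, interface, verdict) for each 106001.

    Verdicts: 'post-teardown-straggler' when a 302014 for the same flow
    occurred within `window`; 'new-connection-attempt' for a bare SYN;
    'unexplained' otherwise (no recent session state for the flow).
    """
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])  # stable: keeps file order on ties
    last_teardown = {}
    results = []
    for e in events:
        if e["id"] == "302014":
            last_teardown[e["flow"]] = e["ts"]
        elif e["id"] == "106001":
            m = FLAGS_RE.search(e["text"])
            flags = set(m.group(1).split()) if m else set()
            iface = m.group(2) if m else "?"
            torn_down = last_teardown.get(e["flow"])
            if "SYN" in flags and "ACK" not in flags:
                verdict = "new-connection-attempt"
            elif torn_down is not None and e["ts"] - torn_down <= window:
                verdict = "post-teardown-straggler"
            else:
                verdict = "unexplained"
            results.append((e["ts"], e["flow"], tuple(sorted(flags)), iface, verdict))
    return results


def summarize(results):
    """Count denials per verdict so the noise ratio is visible at a glance."""
    counts = {}
    for _, _, _, _, verdict in results:
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


if __name__ == "__main__":
    rows = classify_denials(SAMPLE_LOG)
    for ts, flow, flags, iface, verdict in rows:
        src, sport, dst, dport = flow
        print(f"{ts:%H:%M:%S} {src}:{sport} -> {dst}:{dport} "
              f"{' '.join(flags):8s} {iface:8s} {verdict}")
    print(summarize(rows))
```

Run over a real export, this tells you whether the 106001 volume is dominated by stragglers (the situation the question describes) or hides real inbound attempts. If it is stragglers, the poster's second option is the sane one: on the ASA, `logging message 106001 level informational` reclassifies the message instead of discarding it, so the SYN-only denials that matter are still recorded, just at a severity that no longer pages anyone.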
