
ASA5505 - asa916-1-K8 : Deny TCP (no connection) from yy.yy.yy.80/52406 to xx.xx.xx.29/80 flags RST ACK on interface

Gilles Archer
Level 1

Host yy.yy.yy.80 is a unique /24 range on a perimeter ASA (VPN/DHCP).

Host xx.xx.xx.29 is a unique routable host behind the ASA5505 (logs below). The router in front of this ASA has one path to the ASA VPN, so I'm positive it is not an asymmetrical routing issue.

The xx.xx.xx.29 host is accessible via HTTP.  The logon page renders correctly.  The user can log in without issue.  However, at successful logon, the browser downloads Silverlight components and eventually errors out.

To troubleshoot, the access-list is set to allow the entire yy.yy.yy.yy/24 network to access host xx.xx.xx.29 by IP.  The same errors occur when the ACL is tcp and specific to www (http/80).

 

May 04 2015 11:03:56 ABDIDSB01ASA01 : %ASA-7-106100: access-list corp_in permitted tcp corp/yy.yy.yy.80(52400) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xd1cdea9e, 0x0]
May 04 2015 11:03:56 ABDIDSB01ASA01 : %ASA-7-609001: Built local-host corp:yy.yy.yy.80
May 04 2015 11:03:56 ABDIDSB01ASA01 : %ASA-7-106100: access-list dids_plc_out permitted tcp corp/yy.yy.yy.80(52400) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xe4ee5b87, 0x0]
May 04 2015 11:03:56 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8906 for corp:yy.yy.yy.80/52400 (yy.yy.yy.80/52400) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:03:56 ABDIDSB01ASA01 : %ASA-7-106100: access-list corp_in permitted tcp corp/yy.yy.yy.80(52401) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xd1cdea9e, 0x0]
May 04 2015 11:03:56 ABDIDSB01ASA01 : %ASA-7-106100: access-list dids_plc_out permitted tcp corp/yy.yy.yy.80(52401) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xe4ee5b87, 0x0]
May 04 2015 11:03:56 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8907 for corp:yy.yy.yy.80/52401 (yy.yy.yy.80/52401) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:03:56 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8906 for corp:yy.yy.yy.80/52400 to dids_plc:xx.xx.xx.29/80 duration 0:00:00 bytes 1549 TCP FINs
May 04 2015 11:03:56 ABDIDSB01ASA01 : %ASA-7-106100: access-list corp_in permitted tcp corp/yy.yy.yy.80(52402) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xd1cdea9e, 0x0]
May 04 2015 11:03:56 ABDIDSB01ASA01 : %ASA-7-106100: access-list dids_plc_out permitted tcp corp/yy.yy.yy.80(52402) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xe4ee5b87, 0x0]
May 04 2015 11:03:56 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8908 for corp:yy.yy.yy.80/52402 (yy.yy.yy.80/52402) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:03:56 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8907 for corp:yy.yy.yy.80/52401 to dids_plc:xx.xx.xx.29/80 duration 0:00:00 bytes 5326 TCP FINs
May 04 2015 11:03:57 ABDIDSB01ASA01 : %ASA-7-106100: access-list corp_in permitted tcp corp/yy.yy.yy.80(52403) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xd1cdea9e, 0x0]
May 04 2015 11:03:57 ABDIDSB01ASA01 : %ASA-7-106100: access-list dids_plc_out permitted tcp corp/yy.yy.yy.80(52403) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xe4ee5b87, 0x0]
May 04 2015 11:03:57 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8909 for corp:yy.yy.yy.80/52403 (yy.yy.yy.80/52403) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:04:01 ABDIDSB01ASA01 : %ASA-7-106100: access-list corp_in permitted tcp corp/yy.yy.yy.80(52404) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xd1cdea9e, 0x0]
May 04 2015 11:04:01 ABDIDSB01ASA01 : %ASA-7-106100: access-list dids_plc_out permitted tcp corp/yy.yy.yy.80(52404) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xe4ee5b87, 0x0]
May 04 2015 11:04:01 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8911 for corp:yy.yy.yy.80/52404 (yy.yy.yy.80/52404) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:04:01 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8911 for corp:yy.yy.yy.80/52404 to dids_plc:xx.xx.xx.29/80 duration 0:00:00 bytes 554 TCP FINs
May 04 2015 11:04:01 ABDIDSB01ASA01 : %ASA-7-106100: access-list corp_in permitted tcp corp/yy.yy.yy.80(52405) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xd1cdea9e, 0x0]
May 04 2015 11:04:01 ABDIDSB01ASA01 : %ASA-7-106100: access-list dids_plc_out permitted tcp corp/yy.yy.yy.80(52405) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xe4ee5b87, 0x0]
May 04 2015 11:04:01 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8912 for corp:yy.yy.yy.80/52405 (yy.yy.yy.80/52405) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:04:01 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8912 for corp:yy.yy.yy.80/52405 to dids_plc:xx.xx.xx.29/80 duration 0:00:00 bytes 5354 TCP FINs
May 04 2015 11:04:07 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8909 for corp:yy.yy.yy.80/52403 to dids_plc:xx.xx.xx.29/80 duration 0:00:10 bytes 295420 TCP FINs
May 04 2015 11:04:07 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8908 for corp:yy.yy.yy.80/52402 to dids_plc:xx.xx.xx.29/80 duration 0:00:11 bytes 96719 TCP FINs
May 04 2015 11:04:07 ABDIDSB01ASA01 : %ASA-7-609002: Teardown local-host corp:yy.yy.yy.80 duration 0:00:11
May 04 2015 11:04:07 ABDIDSB01ASA01 : %ASA-7-106100: access-list corp_in permitted tcp corp/yy.yy.yy.80(52406) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xd1cdea9e, 0x0]
May 04 2015 11:04:07 ABDIDSB01ASA01 : %ASA-7-609001: Built local-host corp:yy.yy.yy.80
May 04 2015 11:04:07 ABDIDSB01ASA01 : %ASA-7-106100: access-list dids_plc_out permitted tcp corp/yy.yy.yy.80(52406) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xe4ee5b87, 0x0]
May 04 2015 11:04:07 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8913 for corp:yy.yy.yy.80/52406 (yy.yy.yy.80/52406) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8913 for corp:yy.yy.yy.80/52406 to dids_plc:xx.xx.xx.29/80 duration 0:00:05 bytes 695522 TCP Reset-O
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-7-609002: Teardown local-host corp:yy.yy.yy.80 duration 0:00:05
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52406 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52406 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52406 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52406 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-7-106100: access-list corp_in permitted tcp corp/yy.yy.yy.80(52407) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xd1cdea9e, 0x0]
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-7-609001: Built local-host corp:yy.yy.yy.80
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-7-106100: access-list dids_plc_out permitted tcp corp/yy.yy.yy.80(52407) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xe4ee5b87, 0x0]
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8914 for corp:yy.yy.yy.80/52407 (yy.yy.yy.80/52407) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52406 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52406 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52406 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52406 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52406 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52406 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52406 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52406 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52406 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52406 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52406 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52406 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52406 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8914 for corp:yy.yy.yy.80/52407 to dids_plc:xx.xx.xx.29/80 duration 0:00:00 bytes 5189 TCP FINs
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-7-609002: Teardown local-host corp:yy.yy.yy.80 duration 0:00:00
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-7-106100: access-list corp_in permitted tcp corp/yy.yy.yy.80(52408) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xd1cdea9e, 0x0]
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-7-609001: Built local-host corp:yy.yy.yy.80
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-7-106100: access-list dids_plc_out permitted tcp corp/yy.yy.yy.80(52408) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xe4ee5b87, 0x0]
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8915 for corp:yy.yy.yy.80/52408 (yy.yy.yy.80/52408) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:04:15 ABDIDSB01ASA01 : %ASA-7-106100: access-list corp_in permitted tcp corp/yy.yy.yy.80(52409) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xd1cdea9e, 0x0]
May 04 2015 11:04:15 ABDIDSB01ASA01 : %ASA-7-106100: access-list dids_plc_out permitted tcp corp/yy.yy.yy.80(52409) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xe4ee5b87, 0x0]
May 04 2015 11:04:15 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8916 for corp:yy.yy.yy.80/52409 (yy.yy.yy.80/52409) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:04:15 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8916 for corp:yy.yy.yy.80/52409 to dids_plc:xx.xx.xx.29/80 duration 0:00:00 bytes 859 TCP FINs
May 04 2015 11:04:15 ABDIDSB01ASA01 : %ASA-7-106100: access-list corp_in permitted tcp corp/yy.yy.yy.80(52410) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xd1cdea9e, 0x0]
May 04 2015 11:04:15 ABDIDSB01ASA01 : %ASA-7-106100: access-list dids_plc_out permitted tcp corp/yy.yy.yy.80(52410) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xe4ee5b87, 0x0]
May 04 2015 11:04:15 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8917 for corp:yy.yy.yy.80/52410 (yy.yy.yy.80/52410) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:04:15 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8917 for corp:yy.yy.yy.80/52410 to dids_plc:xx.xx.xx.29/80 duration 0:00:00 bytes 5217 TCP FINs
May 04 2015 11:04:15 ABDIDSB01ASA01 : %ASA-7-106100: access-list corp_in permitted tcp corp/yy.yy.yy.80(52411) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xd1cdea9e, 0x0]
May 04 2015 11:04:15 ABDIDSB01ASA01 : %ASA-7-106100: access-list dids_plc_out permitted tcp corp/yy.yy.yy.80(52411) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xe4ee5b87, 0x0]
May 04 2015 11:04:15 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8918 for corp:yy.yy.yy.80/52411 (yy.yy.yy.80/52411) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:04:18 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8915 for corp:yy.yy.yy.80/52408 to dids_plc:xx.xx.xx.29/80 duration 0:00:05 bytes 303314 TCP FINs
May 04 2015 11:04:18 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52408 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:18 ABDIDSB01ASA01 : %ASA-7-106100: access-list corp_in permitted tcp corp/yy.yy.yy.80(52412) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xd1cdea9e, 0x0]
May 04 2015 11:04:18 ABDIDSB01ASA01 : %ASA-7-106100: access-list dids_plc_out permitted tcp corp/yy.yy.yy.80(52412) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xe4ee5b87, 0x0]
May 04 2015 11:04:18 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8919 for corp:yy.yy.yy.80/52412 (yy.yy.yy.80/52412) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:04:18 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52408 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:18 ABDIDSB01ASA01 : %ASA-7-106100: access-list corp_in permitted tcp corp/yy.yy.yy.80(52413) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xd1cdea9e, 0x0]
May 04 2015 11:04:18 ABDIDSB01ASA01 : %ASA-7-106100: access-list dids_plc_out permitted tcp corp/yy.yy.yy.80(52413) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xe4ee5b87, 0x0]
May 04 2015 11:04:18 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8920 for corp:yy.yy.yy.80/52413 (yy.yy.yy.80/52413) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:04:18 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8919 for corp:yy.yy.yy.80/52412 to dids_plc:xx.xx.xx.29/80 duration 0:00:00 bytes 5189 TCP FINs
May 04 2015 11:04:20 ABDIDSB01ASA01 : %ASA-7-106100: access-list corp_in permitted tcp corp/yy.yy.yy.80(52414) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xd1cdea9e, 0x0]
May 04 2015 11:04:20 ABDIDSB01ASA01 : %ASA-7-106100: access-list dids_plc_out permitted tcp corp/yy.yy.yy.80(52414) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xe4ee5b87, 0x0]
May 04 2015 11:04:20 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8921 for corp:yy.yy.yy.80/52414 (yy.yy.yy.80/52414) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:04:20 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8918 for corp:yy.yy.yy.80/52411 to dids_plc:xx.xx.xx.29/80 duration 0:00:05 bytes 443283 TCP FINs
May 04 2015 11:04:20 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52411 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:20 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52411 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:20 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52411 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:20 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52411 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:20 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52411 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:20 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52411 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:20 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52411 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:20 ABDIDSB01ASA01 : %ASA-7-106100: access-list corp_in permitted tcp corp/yy.yy.yy.80(52415) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xd1cdea9e, 0x0]
May 04 2015 11:04:20 ABDIDSB01ASA01 : %ASA-7-106100: access-list dids_plc_out permitted tcp corp/yy.yy.yy.80(52415) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xe4ee5b87, 0x0]
May 04 2015 11:04:20 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8922 for corp:yy.yy.yy.80/52415 (yy.yy.yy.80/52415) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:04:20 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8921 for corp:yy.yy.yy.80/52414 to dids_plc:xx.xx.xx.29/80 duration 0:00:00 bytes 5243 TCP FINs
May 04 2015 11:04:20 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52411 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:20 ABDIDSB01ASA01 : %ASA-7-106100: access-list corp_in permitted tcp corp/yy.yy.yy.80(52416) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xd1cdea9e, 0x0]
May 04 2015 11:04:20 ABDIDSB01ASA01 : %ASA-7-106100: access-list dids_plc_out permitted tcp corp/yy.yy.yy.80(52416) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xe4ee5b87, 0x0]
May 04 2015 11:04:20 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8923 for corp:yy.yy.yy.80/52416 (yy.yy.yy.80/52416) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:04:23 ABDIDSB01ASA01 : %ASA-7-106100: access-list corp_in permitted tcp corp/yy.yy.yy.80(52417) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xd1cdea9e, 0x0]
May 04 2015 11:04:23 ABDIDSB01ASA01 : %ASA-7-106100: access-list dids_plc_out permitted tcp corp/yy.yy.yy.80(52417) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xe4ee5b87, 0x0]
May 04 2015 11:04:23 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8924 for corp:yy.yy.yy.80/52417 (yy.yy.yy.80/52417) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:04:23 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8924 for corp:yy.yy.yy.80/52417 to dids_plc:xx.xx.xx.29/80 duration 0:00:00 bytes 1882 TCP FINs
May 04 2015 11:04:24 ABDIDSB01ASA01 : %ASA-7-106100: access-list corp_in permitted tcp corp/yy.yy.yy.80(52418) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xd1cdea9e, 0x0]
May 04 2015 11:04:24 ABDIDSB01ASA01 : %ASA-7-106100: access-list dids_plc_out permitted tcp corp/yy.yy.yy.80(52418) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xe4ee5b87, 0x0]
May 04 2015 11:04:24 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8925 for corp:yy.yy.yy.80/52418 (yy.yy.yy.80/52418) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:04:24 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8920 for corp:yy.yy.yy.80/52413 to dids_plc:xx.xx.xx.29/80 duration 0:00:05 bytes 544382 TCP Reset-O
May 04 2015 11:04:24 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52413 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:24 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52413 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:24 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52413 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:24 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52413 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:24 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52413 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:24 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52413 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:24 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52413 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:24 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52413 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:24 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52413 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:24 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52413 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:24 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52413 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:24 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52413 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:24 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52413 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:24 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52413 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:25 ABDIDSB01ASA01 : %ASA-7-106100: access-list corp_in permitted tcp corp/yy.yy.yy.80(52419) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xd1cdea9e, 0x0]
May 04 2015 11:04:25 ABDIDSB01ASA01 : %ASA-7-106100: access-list dids_plc_out permitted tcp corp/yy.yy.yy.80(52419) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xe4ee5b87, 0x0]
May 04 2015 11:04:25 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8926 for corp:yy.yy.yy.80/52419 (yy.yy.yy.80/52419) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:04:25 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8923 for corp:yy.yy.yy.80/52416 to dids_plc:xx.xx.xx.29/80 duration 0:00:05 bytes 0 TCP FINs
May 04 2015 11:04:26 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8922 for corp:yy.yy.yy.80/52415 to dids_plc:xx.xx.xx.29/80 duration 0:00:05 bytes 562722 TCP FINs
May 04 2015 11:04:26 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52415 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:26 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52415 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:26 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52415 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:26 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52415 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:26 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52415 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:26 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52415 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:26 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52415 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:26 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52415 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:26 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52415 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:26 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52415 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:26 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52415 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:26 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52415 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:26 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52415 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:26 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52415 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:26 ABDIDSB01ASA01 : %ASA-7-106100: access-list corp_in permitted tcp corp/yy.yy.yy.80(52420) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xd1cdea9e, 0x0]
May 04 2015 11:04:26 ABDIDSB01ASA01 : %ASA-7-106100: access-list dids_plc_out permitted tcp corp/yy.yy.yy.80(52420) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xe4ee5b87, 0x0]
May 04 2015 11:04:26 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8927 for corp:yy.yy.yy.80/52420 (yy.yy.yy.80/52420) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:04:26 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8926 for corp:yy.yy.yy.80/52419 to dids_plc:xx.xx.xx.29/80 duration 0:00:00 bytes 5243 TCP FINs
May 04 2015 11:04:26 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52415 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:26 ABDIDSB01ASA01 : %ASA-7-106100: access-list corp_in permitted tcp corp/yy.yy.yy.80(52421) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xd1cdea9e, 0x0]
May 04 2015 11:04:26 ABDIDSB01ASA01 : %ASA-7-106100: access-list dids_plc_out permitted tcp corp/yy.yy.yy.80(52421) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xe4ee5b87, 0x0]
May 04 2015 11:04:26 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8928 for corp:yy.yy.yy.80/52421 (yy.yy.yy.80/52421) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:04:31 ABDIDSB01ASA01 : %ASA-7-106100: access-list corp_in permitted tcp corp/yy.yy.yy.80(52422) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xd1cdea9e, 0x0]
May 04 2015 11:04:31 ABDIDSB01ASA01 : %ASA-7-106100: access-list dids_plc_out permitted tcp corp/yy.yy.yy.80(52422) -> dids_plc/xx.xx.xx.29(80) hit-cnt 1 first hit [0xe4ee5b87, 0x0]
May 04 2015 11:04:31 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8930 for corp:yy.yy.yy.80/52422 (yy.yy.yy.80/52422) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:04:31 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8928 for corp:yy.yy.yy.80/52421 to dids_plc:xx.xx.xx.29/80 duration 0:00:05 bytes 0 TCP FINs
May 04 2015 11:04:31 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8930 for corp:yy.yy.yy.80/52422 to dids_plc:xx.xx.xx.29/80 duration 0:00:00 bytes 1910 TCP FINs
May 04 2015 11:04:31 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8927 for corp:yy.yy.yy.80/52420 to dids_plc:xx.xx.xx.29/80 duration 0:00:05 bytes 763582 TCP FINs
May 04 2015 11:04:31 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52420 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:31 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52420 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:31 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52420 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:31 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52420 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:31 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52420 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:31 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52420 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:31 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52420 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:31 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52420 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:31 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52420 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:31 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52420 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:31 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52420 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:31 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52420 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:31 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52420 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:31 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52420 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:31 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52420 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:31 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52420 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:42 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8925 for corp:yy.yy.yy.80/52418 to dids_plc:xx.xx.xx.29/80 duration 0:00:18 bytes 58876 TCP Reset-O
May 04 2015 11:04:42 ABDIDSB01ASA01 : %ASA-7-609002: Teardown local-host corp:yy.yy.yy.80 duration 0:00:28

 


Vibhor Amrodia
Cisco Employee

Hi,

I think this is the probable reason for the failure of the connection. If you check all the syslogs with RESET-O, this means that the RESET for the connection was sent from the host behind the interface with the lower security level between the corp and dids_plc interfaces.

The syslogs with the no connection message are because of this termination of the connection.

Thanks and Regards,

Vibhor Amrodia

May 04 2015 11:04:42 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8925 for corp:yy.yy.yy.80/52418 to dids_plc:xx.xx.xx.29/80 duration 0:00:18 bytes 58876 TCP Reset-O
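The correlation the reply describes, as an added example that is not part of the original thread: it groups the posted syslog by flow and counts the 106015 denies that arrive after each 302014 teardown, together with the teardown reason. The function and field names are illustrative; the sample lines are copied from the post above, except the last one, which is constructed to show a deny with no preceding teardown.

```python
import re

# Message layouts as they appear in the log posted above.
BUILT = re.compile(
    r"%ASA-6-302013: Built \w+ TCP connection (\d+) for "
    r"\w+:([\w.]+)/(\d+) \([^)]*\) to \w+:([\w.]+)/(\d+)")
TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (\d+) for "
    r"\w+:([\w.]+)/(\d+) to \w+:([\w.]+)/(\d+) "
    r"duration \S+ bytes (\d+) (.+)$")
DENY = re.compile(
    r"%ASA-6-106015: Deny TCP \(no connection\) from ([\w.]+)/(\d+) "
    r"to ([\w.]+)/(\d+) flags (.+?)\s+on interface (\S+)")

# Lines copied from the post; the final line is constructed for the example.
SAMPLE = """\
May 04 2015 11:04:07 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8913 for corp:yy.yy.yy.80/52406 (yy.yy.yy.80/52406) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8913 for corp:yy.yy.yy.80/52406 to dids_plc:xx.xx.xx.29/80 duration 0:00:05 bytes 695522 TCP Reset-O
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52406 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52406 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8914 for corp:yy.yy.yy.80/52407 (yy.yy.yy.80/52407) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52406 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8914 for corp:yy.yy.yy.80/52407 to dids_plc:xx.xx.xx.29/80 duration 0:00:00 bytes 5189 TCP FINs
May 04 2015 11:04:13 ABDIDSB01ASA01 : %ASA-6-302013: Built inbound TCP connection 8915 for corp:yy.yy.yy.80/52408 (yy.yy.yy.80/52408) to dids_plc:xx.xx.xx.29/80 (xx.xx.xx.29/80)
May 04 2015 11:04:18 ABDIDSB01ASA01 : %ASA-6-302014: Teardown TCP connection 8915 for corp:yy.yy.yy.80/52408 to dids_plc:xx.xx.xx.29/80 duration 0:00:05 bytes 303314 TCP FINs
May 04 2015 11:04:18 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/52408 to xx.xx.xx.29/80 flags RST ACK  on interface corp
May 04 2015 11:04:19 ABDIDSB01ASA01 : %ASA-6-106015: Deny TCP (no connection) from yy.yy.yy.80/40000 to xx.xx.xx.29/80 flags ACK  on interface corp
"""


def correlate(lines):
    """Return (records, orphans).

    records: one dict per torn-down connection, with the teardown reason and
             the number of 106015 denies logged for that flow afterwards.
    orphans: denies whose flow had no teardown earlier in the input, i.e.
             packets this log alone does not explain.
    """
    records = []   # every teardown seen, in log order
    closed = {}    # flow tuple -> record of its most recent teardown
    orphans = []
    for raw in lines:
        line = raw.strip()
        m = BUILT.search(line)
        if m:
            _, src, sport, dst, dport = m.groups()
            # Same 4-tuple opened again: later denies are not stragglers
            # of the old connection.
            closed.pop((src, sport, dst, dport), None)
            continue
        m = TEARDOWN.search(line)
        if m:
            conn, src, sport, dst, dport, nbytes, reason = m.groups()
            rec = {"conn": int(conn), "flow": (src, sport, dst, dport),
                   "bytes": int(nbytes), "reason": reason,
                   "late_packets": 0, "flags": set()}
            records.append(rec)
            closed[rec["flow"]] = rec
            continue
        m = DENY.search(line)
        if m:
            src, sport, dst, dport, flags, iface = m.groups()
            # The denied packet may travel in either direction of the flow.
            rec = (closed.get((src, sport, dst, dport))
                   or closed.get((dst, dport, src, sport)))
            if rec is None:
                orphans.append((src, sport, dst, dport, flags, iface))
            else:
                rec["late_packets"] += 1
                rec["flags"].add(flags)
    return records, orphans


def report(records, orphans):
    """One summary line per connection that drew post-teardown denies."""
    out = []
    for r in records:
        if r["late_packets"]:
            src, sport, dst, dport = r["flow"]
            out.append(f"conn {r['conn']} {src}/{sport}->{dst}/{dport} "
                       f"closed by '{r['reason']}' after {r['bytes']} bytes; "
                       f"{r['late_packets']} late packet(s), "
                       f"flags {sorted(r['flags'])}")
    out.append(f"{len(orphans)} deny line(s) with no earlier teardown")
    return out


if __name__ == "__main__":
    print("\n".join(report(*correlate(SAMPLE.splitlines()))))
```
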