11-30-2010 10:02 AM - edited 03-11-2019 12:16 PM
While troubleshooting a TelePresence issue, I found the following in a FWSM Log (Ver 3.1(16))
Nov 30 11:10:32 inhouseFW %FWSM-6-302014: Teardown TCP connection 146533671494443748
for VideoVLAN:192.168.194.220/50579 to inhouse:192.168.18.163/5060 duration 0:02:10 bytes 21730 TCP Reset
Nov 30 11:11:21 inhouseFW %FWSM-6-302014: Teardown TCP connection 146533671494443752
for VideoVLAN:192.168.194.220/50617 to inhouse:192.168.18.163/5060 duration 0:02:10 bytes 21048 TCP Reset
Nov 30 11:12:11 inhouseFW %FWSM-6-302014: Teardown TCP connection 146533671494443758 for
VideoVLAN:192.168.194.220/50642 to inhouse:192.168.18.163/5060 duration 0:01:33 bytes 19388 TCP Reset
Now
http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/system/message/logmsgs.html#wp1280675
explains:
TCP Reset-I: Reset was from the inside.
TCP Reset-O: Reset was from the outside.
The TCP Reset message is not documented.
Any idea what "TCP Reset" does mean ? A Connection reset by the SIP fixup / protocol inspection ?
Maybe somebody from Cisco could "grep" through the source ;-)
Regards,
Frank
11-30-2010 12:53 PM
I filed a documentation defect http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsu03630
which got resolved.
Release note:
Symptom:
This is a documentation bug only. FWSM 3.2 syslog documentation for syslog 302014 may not have information for tear down reason TCP Reset.
Conditions:
N/A
Workaround:
None
Further Problem Description:
FWSM-6-302014: Teardown TCP connection 146351710909894826 for INSIDE:10.254.160.24/1817 to OUTSIDE:192.168.219.25/80 duration 0:00:01 bytes 1504 TCP Reset
The above tear down reason TCP Reset may not be explained in the link below:
http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/system/message/logmsgs_external_docbase_0900e4b1804ca185_4container_external_docbase_0900e4b1805ba0fa.html#wp1280675
Resolved in link below:
The updated versions of the 3.2 and 4.0 System Log Messages Guides with the added setting for TCP Reset is available at the following URLs:
http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/system/message/logmsgs.html
http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/system/message/logmsgs.html
Symptom: This is a documentation bug only. FWSM 3.2 syslog documentation for syslog 302014 may not have information for tear down reason TCP Reset. Conditions: N/A Workaround: None Further Problem Description: FWSM-6-302014: Teardown TCP connection 146351710909894826 for INSIDE:10.254.160.24/1817 to OUTSIDE:192.168.219.25/80 duration 0:00:01 bytes 1504 TCP Reset The above tear down reason TCP Reset may not be explained in the link below: http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/system/message/logmsgs_external_docbase_0900e4b1804ca185_4container_external_docbase_0900e4b1805ba0fa.html#wp1280675
-KS
12-01-2010 03:13 PM
Hi,
sorry for not checking the doc of newer FWSM Versions before posting here....
The explanation is exactly what I suspected.
Thx a lot !
to go another step further..
Are there any well known inteoperability issues wih FWSM 3.1(16) SIP inspection
and recent Teleprecense / Callmanager Systems (will ask for Versions) ?
Thanks again, Frank
12-01-2010 08:08 PM
Yes. This one http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCso92808
See if this one applies to what you see.
-KS
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide