Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
431
Views
0
Helpful
2
Replies

Inbound TCP connection denied from 192.168.1.x to 192.168.1.y flags SYN on interface

trylvis123
Level 1
Level 1

‎10-21-2016 12:38 AM - edited ‎03-12-2019 01:26 AM

Hi,

We reviece some logging alerts from our Cisco ASA firewall with the message:

"Inbound TCP connection denied from 192.168.1.x/x to 192.168.1.y/y flags SYN interface intX.

The two hosts is on the same subnet, and I'm wondering why this traffic is blocked.

I've run a packet tracer, which also results in a block. We have a bottom-ACL on this interface which deny traffic from "any" to "any".

Under "Device Setup" -> "Interfaces", "Enable traffic between two or more hosts connected to the same interface" is not enabled. 

Thanks!

Labels:
0 Helpful
2 Replies 2

Aditya Ganjoo
Cisco Employee
Cisco Employee

‎10-21-2016 02:35 AM

Hi,

Yes you need to enable traffic between two or more hosts connected to the same interface.

You can use a CLI command to enable this as well:

same-security-traffic permit intra-interface

Regards,

Aditya

Please rate helpful posts and mark correct answers.

0 Helpful

trylvis123
Level 1
Level 1
In response to Aditya Ganjoo

‎10-21-2016 03:25 AM

Thank you for the reply,

Can there be any problems by turning on this feature? We do not use these for VPN.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card