Hi Ibrahim,

Here is the explaination for the syslog message that you saw:

Error Message    %ASA-6-302014: Teardown TCP connection id for 
interface:real-address/real-port to interface:real-address/real-port duration 
hh:mm:ss bytes bytes [reason] [(user)]

Explanation   A TCP connection between two hosts was deleted. The following list describes the  message values:

•id —A unique identifier

•interface, real-address, real-port—The actual socket

•duration—The lifetime of the connection

•bytes—The data transfer of the connection

•user—The AAA name of the user

Explanation   This new message is paired with "DPD R-U-THERE" message 715036, which logs the  DPD sending messages.

•group_name—The peer's VPN group name

•client—The peer's username

•IP_address—IP address of the VPN peer

•message_type—The message type ("DPD R-U-THERE" or "DPD R-U-THERE-ACK")

•number—The DPD sequence number

Two possible cases:

•Received peer sending "DPD R-U-THERE" message

•Received peer reply "DPD R-U-THERE-ACK" message

Be aware of the following:

•The "DPD R-U-THERE" message is received and its sequence number matches the outgoing DPD reply messages.

If the adaptive security appliance sends a "DPD R-U-THERE-ACK" message  without first receiving a "DPD R-U-THERE" message from the peer, it is  likely experiencing a security breech.

•The received "DPD R-U-THERE-ACK" message's sequence number is matched with previously sent DPD messages.

If the adaptive security appliance did not receive a "DPD R-U-THERE-ACK"  message within a reasonable amount of time after sending a "DPD  R-U-THERE" message to the peer, the tunnel is most likely down.

here is the link explaining all the syslog messages generated by the ASA:

http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/logmsgs.html

Hope this helps.

Regards,

Som

P.S. Please mark this post as resolved if this has answered your question. Do rate the helpful posts. Thanks.