04-08-2015 09:13 AM - edited 03-11-2019 10:44 PM
A few days ago a problem with ASAs consisting of deny TCP messages was presented to me.
This has become critical because apparently the message samples show attempts to terminate sessions that were already closed, but this is impacting the network.
I show one portion of the log in which messages are displayed for the connections from my computer to the ASA via ASDM.
Laptop IP: 192.168.20.50
ASDM IP: 10.100.1.26
The same behavior occurs with server traffic. Although from my PC I cannot drop the connection to the ASDM session, the servers are affected.
Logs
6|Apr 08 2015|09:09:01|106015|192.168.20.50|64580|10.100.1.26|443|Deny TCP (no connection) from 192.168.20.50/64580 to 10.100.1.26/443 flags FIN ACK on interface LAN
6|Apr 08 2015|09:09:01|302014|192.168.20.50|64580|10.100.1.26|443|Teardown TCP connection 102524953 for LAN:192.168.20.50/64580 to identity:10.100.1.26/443 duration 0:00:00 bytes 1167 TCP Reset-O
6|Apr 08 2015|09:09:01|725007|192.168.20.50|64580|||SSL session with client LAN:192.168.20.50/64580 terminated.
6|Apr 08 2015|09:09:01|725002|192.168.20.50|64580|||Device completed SSL handshake with client LAN:192.168.20.50/64580
6|Apr 08 2015|09:09:01|725003|192.168.20.50|64580|||SSL client LAN:192.168.20.50/64580 request to resume previous session.
6|Apr 08 2015|09:09:01|725001|192.168.20.50|64580|||Starting SSL handshake with client LAN:192.168.20.50/64580 for TLSv1 session.
6|Apr 08 2015|09:09:01|302013|192.168.20.50|64580|10.100.1.26|443|Built inbound TCP connection 102524953 for LAN:192.168.20.50/64580 (192.168.20.50/64580) to identity:10.100.1.26/443 (10.100.1.26/443)
I would know that these messages should be
Best Regards,
04-09-2015 07:37 PM
Hi,
I am not sure how this is impacting the network, but you should find the reason why these are showing up on the ASA device.
These would simply mean that the ASA device drops a packet which arrived when the ASA device no longer has a connection for it, and as this is never a SYN packet, it is dropped.
I think you might need to take traces on the ASA device and the PC and see the possible reason why this is happening.
I think this might be due to some timeout values or stuck connections not tearing down correctly.
Thanks and Regards,
Vibhor Amrodia
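The reply above describes the mechanism behind message 106015: a segment arrives for a flow the ASA has already torn down, it carries no SYN, so it is dropped. The script below is an added example (not code from the thread or from Cisco) that checks that explanation against the pipe-delimited ASDM log lines quoted in the question: it parses each line, walks the events in chronological order (it assumes ASDM lists newest first, as in the sample), and for every 106015 deny looks up the most recent 302014 teardown for the same 5-tuple so that the teardown reason (here "TCP Reset-O") can be reported next to the flags of the late segment. One extra log line with port 64581 is constructed to show the case where no prior teardown is known, which is the case that would merit the packet traces the reply suggests.

```python
"""Correlate ASA 106015 'Deny TCP (no connection)' events with the 302014
teardown that preceded them for the same 5-tuple.

Added example; the log format is the 9-field ASDM export shown in the thread:
severity|date|time|msgid|src|sport|dst|dport|text
"""
import re
from collections import namedtuple

# First four lines copied from the thread; the 64581 line is constructed to
# exercise the "no prior teardown seen" branch. Order is newest first (ASDM).
SAMPLE_LOG = """\
6|Apr 08 2015|09:09:02|106015|192.168.20.50|64581|10.100.1.26|443|Deny TCP (no connection) from 192.168.20.50/64581 to 10.100.1.26/443 flags RST on interface LAN
6|Apr 08 2015|09:09:01|106015|192.168.20.50|64580|10.100.1.26|443|Deny TCP (no connection) from 192.168.20.50/64580 to 10.100.1.26/443 flags FIN ACK on interface LAN
6|Apr 08 2015|09:09:01|302014|192.168.20.50|64580|10.100.1.26|443|Teardown TCP connection 102524953 for LAN:192.168.20.50/64580 to identity:10.100.1.26/443 duration 0:00:00 bytes 1167 TCP Reset-O
6|Apr 08 2015|09:09:01|725007|192.168.20.50|64580|||SSL session with client LAN:192.168.20.50/64580 terminated.
6|Apr 08 2015|09:09:01|302013|192.168.20.50|64580|10.100.1.26|443|Built inbound TCP connection 102524953 for LAN:192.168.20.50/64580 (192.168.20.50/64580) to identity:10.100.1.26/443 (10.100.1.26/443)
"""

Event = namedtuple("Event", "severity date time msgid src sport dst dport text")

TEARDOWN_RE = re.compile(
    r"Teardown TCP connection (\d+) .* duration (\S+) bytes (\d+) (.+)$")
DENY_RE = re.compile(r"flags (.+?) on interface (\S+)")


def parse_asdm_line(line):
    """Split one ASDM export line into an Event; return None if malformed."""
    fields = line.rstrip("\n").split("|", 8)
    if len(fields) != 9:
        return None
    return Event(*fields)


def parse_log(text, newest_first=True):
    """Parse all lines and return them in chronological (oldest-first) order."""
    events = [e for e in (parse_asdm_line(l) for l in text.splitlines()) if e]
    return list(reversed(events)) if newest_first else events


def correlate_denies(events):
    """For each 106015 deny, attach the latest 302014 teardown of the same flow.

    A deny that follows a teardown of its own 5-tuple is a late segment for a
    connection the firewall already removed (benign, as the reply explains).
    A deny with no teardown on record is the case worth tracing further.
    """
    last_teardown = {}
    findings = []
    for ev in events:
        key = (ev.src, ev.sport, ev.dst, ev.dport)
        if ev.msgid == "302014":
            m = TEARDOWN_RE.search(ev.text)
            if m:
                last_teardown[key] = {
                    "conn_id": m.group(1),
                    "duration": m.group(2),
                    "bytes": int(m.group(3)),
                    "reason": m.group(4).strip(),
                }
        elif ev.msgid == "106015":
            m = DENY_RE.search(ev.text)
            td = last_teardown.get(key)
            findings.append({
                "flow": key,
                "time": ev.time,
                "flags": m.group(1).strip() if m else "",
                "interface": m.group(2) if m else "",
                "prior_teardown": td,
                "verdict": ("late segment after teardown" if td
                            else "no matching connection seen"),
            })
    return findings


def summarize(findings):
    """Count denies per teardown reason; 'unknown' when none was recorded."""
    counts = {}
    for f in findings:
        reason = f["prior_teardown"]["reason"] if f["prior_teardown"] else "unknown"
        counts[reason] = counts.get(reason, 0) + 1
    return counts


if __name__ == "__main__":
    results = correlate_denies(parse_log(SAMPLE_LOG))
    for f in results:
        print(f["time"], f["flow"], f["flags"], "->", f["verdict"],
              f["prior_teardown"] and f["prior_teardown"]["reason"])
    print(summarize(results))
```

On the thread's own lines the 64580 deny is classified as a late FIN/ACK that arrived after the ASA tore the connection down on a reset from the identity (ASDM) side, which matches the reply's explanation and is the pattern to expect around the duration 0:00:00 teardowns; the constructed 64581 line lands in the "no matching connection seen" bucket, and a large count there for server flows is where a capture on the ASA and the host would be the next step.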