
Messages Deny TCP cisco ASA

JRGC
Level 1

A few days ago a problem with ASAs consisting of deny TCP messages was presented to me.

This has become critical because, apparently, the sampled messages are attempts to terminate sessions that were already closed, but this is impacting the network.

I show a portion of the log in which the messages are displayed for my computer's connections to the ASA via ASDM.

Laptop IP: 192.168.20.50
ASDM IP: 10.100.1.26

The same behavior occurs with server traffic. Although from my PC I cannot drop the ASDM session connection, the servers are affected.

Logs

6|Apr 08 2015|09:09:01|106015|192.168.20.50|64580|10.100.1.26|443|Deny TCP (no connection) from 192.168.20.50/64580 to 10.100.1.26/443 flags FIN ACK  on interface LAN
6|Apr 08 2015|09:09:01|302014|192.168.20.50|64580|10.100.1.26|443|Teardown TCP connection 102524953 for LAN:192.168.20.50/64580 to identity:10.100.1.26/443 duration 0:00:00 bytes 1167 TCP Reset-O
6|Apr 08 2015|09:09:01|725007|192.168.20.50|64580|||SSL session with client LAN:192.168.20.50/64580 terminated.
6|Apr 08 2015|09:09:01|725002|192.168.20.50|64580|||Device completed SSL handshake with client LAN:192.168.20.50/64580
6|Apr 08 2015|09:09:01|725003|192.168.20.50|64580|||SSL client LAN:192.168.20.50/64580 request to resume previous session.
6|Apr 08 2015|09:09:01|725001|192.168.20.50|64580|||Starting SSL handshake with client LAN:192.168.20.50/64580 for TLSv1 session.
6|Apr 08 2015|09:09:01|302013|192.168.20.50|64580|10.100.1.26|443|Built inbound TCP connection 102524953 for LAN:192.168.20.50/64580 (192.168.20.50/64580) to identity:10.100.1.26/443 (10.100.1.26/443)

I would know that these messages should be

Best Regards,

1 Reply

Vibhor Amrodia
Cisco Employee

Hi,

I am not sure how this is impacting the network, but you should find the reason why these are showing up on the ASA device.

These would simply mean that the ASA device drops a packet which arrived after the ASA device no longer had a connection for it, and as this is never a SYN packet, it is dropped.

I think you might need to take traces on the ASA device and the PC and see the possible reason why this is happening.

I think this might be due to some timeout values or stuck connections not tearing down correctly.

Thanks and Regards,

Vibhor Amrodia
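One way to triage these entries before taking captures, as an added example that is not from the post or from Cisco: it reads the pipe-delimited ASDM export lines shown above (listed newest first, as ASDM displays them), remembers how each flow was torn down (message 302014), and marks a 106015 deny that follows a reset teardown of the same flow as a stray segment of an already closed session rather than something to chase. The field names, verdict strings and the three-line sample are my own constructions.

```python
"""Triage ASA 106015 'Deny TCP (no connection)' lines against the teardown
of the same flow. Added example; assumes the ASDM export format
sev|date|time|msgid|src|sport|dst|dport|text seen in the thread."""

# Constructed sample: three lines from the thread, newest first (ASDM order).
SAMPLE = """\
6|Apr 08 2015|09:09:01|106015|192.168.20.50|64580|10.100.1.26|443|Deny TCP (no connection) from 192.168.20.50/64580 to 10.100.1.26/443 flags FIN ACK  on interface LAN
6|Apr 08 2015|09:09:01|302014|192.168.20.50|64580|10.100.1.26|443|Teardown TCP connection 102524953 for LAN:192.168.20.50/64580 to identity:10.100.1.26/443 duration 0:00:00 bytes 1167 TCP Reset-O
6|Apr 08 2015|09:09:01|302013|192.168.20.50|64580|10.100.1.26|443|Built inbound TCP connection 102524953 for LAN:192.168.20.50/64580 (192.168.20.50/64580) to identity:10.100.1.26/443 (10.100.1.26/443)
"""

def parse_line(line):
    """Split one ASDM log line into a dict; None if it is not a 9-field line."""
    parts = line.rstrip("\n").split("|", 8)
    if len(parts) != 9:
        return None
    sev, date, time, msgid, src, sport, dst, dport, text = parts
    return {"msgid": msgid, "flow": (src, sport, dst, dport),
            "text": text, "when": f"{date} {time}"}

def triage(log_text):
    """Return (flow, verdict) for every 106015 deny in the export.

    Lines are reversed so a flow's teardown is seen before the deny that
    follows it; a deny right after a RST teardown of the same 4-tuple is a
    late segment of a closed session, anything else deserves a capture."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    events.reverse()
    last_teardown = {}   # flow -> text of its most recent 302014
    verdicts = []
    for e in events:
        if e["msgid"] == "302013":      # Built: new connection, drop old state
            last_teardown.pop(e["flow"], None)
        elif e["msgid"] == "302014":    # Teardown: remember how it ended
            last_teardown[e["flow"]] = e["text"]
        elif e["msgid"] == "106015":    # Deny (no connection): classify
            td = last_teardown.get(e["flow"])
            if td is None:
                verdict = "no prior connection seen: capture on ASA and host"
            elif "Reset-O" in td or "Reset-I" in td:   # torn down by a TCP RST
                verdict = "late segment after reset teardown: expected, benign"
            else:
                verdict = "late segment after normal teardown: check timeouts"
            verdicts.append((e["flow"], verdict))
    return verdicts
```

Feed it a full ASDM export (newest first) and only the denies without a matching teardown are left to investigate with the traces suggested in the reply.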