Strange issue with FSWM

perpignanetworking · ‎08-11-2010

Hi all,

I have a 4 ACS server beside a FWSM, and i can´t reach one of these 4 server on port 61616 from outside the protected area. ACL are correctly in place. I have create a loopback with source IP in the switch the FWSM belongs and originate my test from that loopback (telnet, traceroute) in the meantime i was checking the logs in the FWSM, and i got the following:

6|Aug 11 2010|15:40:31|302014|10.134.21.1|10.63.79.68|Teardown TCP connection 146582698546271540 for outside:xx.xx.xx.xx/15361 to fwlb:yy.yy.yy.yy/61616 duration 0:00:00 bytes 184 TCP Reset-O
6|Aug 11 2010|15:40:31|302014|10.134.21.1|10.63.79.68|Teardown TCP connection 146582698546271540 for outside:xx.xx.xx.xx/15361 to fwlb:yy.yy.yy.yy/61616 duration 0:00:00 bytes 184 TCP Reset-O
6|Aug 11 2010|15:40:31|302013|10.134.21.1|10.63.79.68|Built inbound TCP connection 146582698546271540 for outside:xx.xx.xx.xx/15361 (xx.xx.xx.xx/15361) to fwlb:yy.yy.yy.yy/61616 (yy.yy.yy.yy/61616)
6|Aug 11 2010|15:40:31|302013|10.134.21.1|10.63.79.68|Built inbound TCP connection 146582698546271540 for outside:xx.xx.xx.xx/15361 (xx.xx.xx.xx/15361) to fwlb:yy.yy.yy.yy/61616 (yy.yy.yy.yy/61616)

Other servers can reach this server on this port. Issue is only with one source.

Does someone has a clue about what could be happening ?

Thanks in advance.

Kureli Sankar · ‎08-11-2010

Benjamin,

I see Reset-O meaning the rest is coming from the lower security interface.

Could you pls. try to collect captures on the FWSM and see what might be going on?

Here is the link for packet capture ASA/PIX/FWSM: https://supportforums.cisco.com/docs/DOC-1222

-KS