11-28-2012 02:17 PM - edited 03-11-2019 05:29 PM
Hi everyone,
I am seeing in log
%ASA-4-507003: tcp flow from xx:192.168.x.x/41211 to outside:69.171.224.36/80 terminated by inspection engine, reason - inspector reset unconditionally.
Need to understand what does this log mean?
Thanks
Mahesh
11-28-2012 05:21 PM
Hello,
What version are you running?
Are you using Websense?
Julio
11-29-2012 07:29 AM
Hi Julio,
Version is
Cisco Adaptive Security Appliance Software Version 8.0(5)27
Yes, we are using Websense
11-29-2012 09:16 AM
Hello Mahesh,
Right now we are facing the issue with the Websense on the other discussion, can we double check that the Websense is reachable from the ASA and then focus on this.
Check this bug ID: CSCsx79354
Add url-block url-size, url-block url-mempool and add the filter command
with the cgi-truncate option
ex:
filter url 0 0 0 0 cgi-truncate
url-block url-mempool 5
url-block url-size 4
Even though the page may load with the workaround above, the syslogs
(507003) may still continue to print.
So try the workaround as soon as you get the Websense up (if you keep getting those messages).
11-10-2015 09:26 AM
We are running
Version 9.1(6) and we see the same error.
Any insight will be greatly appreciated.
02-18-2021 03:01 PM
Another case where the ASA will display the message "terminated by inspection engine" is when the FTP server's reply to the PASV command (which the client sends) contains a different IP address than the packets are coming from. When the ASA sees the packets coming from one IP address and the PASV reply contains a different address in the control response, this will fail inspection and the ASA will reset the connection.
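The PASV address check described in the post above, as an added example that is not part of the original thread and is not Cisco's code: it parses the server's 227 reply taken from a capture of the FTP control channel and compares the advertised address with the source IP of the server's packets. The sample replies and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)".
# Servers vary the wording, so only the six comma-separated numbers are matched.
PASV_RE = re.compile(
    r"^227[ -].*?(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)


def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply, or None if it cannot be parsed."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # port is sent as two bytes, high byte first
    return ip, port


def pasv_mismatch(server_src_ip, reply):
    """True when the 227 reply advertises an address other than the packet source."""
    parsed = parse_pasv(reply)
    if parsed is None:
        raise ValueError("not a valid 227 passive reply: %r" % reply)
    return parsed[0] != ipaddress.IPv4Address(server_src_ip)


# Constructed samples (documentation address range):
# (source IP of the server's packets, reply line seen on the control channel)
SAMPLES = [
    ("203.0.113.10", "227 Entering Passive Mode (203,0,113,10,195,80)"),
    # Reply advertises a different address than the packet source:
    # the condition the post above describes.
    ("203.0.113.10", "227 Entering Passive Mode (10,1,1,5,195,80)"),
]

if __name__ == "__main__":
    for src, line in SAMPLES:
        ip, port = parse_pasv(line)
        status = "MISMATCH" if pasv_mismatch(src, line) else "ok"
        print(f"{src} advertised {ip}:{port} -> {status}")
```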