Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8091
Views
10
Helpful
5
Replies

TCP flow terminated by inspection Engine.

Go to solution
mahesh18
Level 6
Level 6

‎11-28-2012 02:17 PM - edited ‎03-11-2019 05:29 PM

Hi eveyone,

I am seeing in log

%ASA-4-507003: tcp flow from xx:192.168.x.x/41211 to outside:69.171.224.36/80 terminated by inspection engine, reason - inspector reset unconditionally.

Need to undertsand what does this log mean?

Thanks

MAhesh

1 person had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎11-28-2012 05:21 PM

Hello,

What version are you running?

Are you using a websense?

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to mahesh18

‎11-29-2012 09:16 AM

Hello Mahesh,

Right now we are facing the issue with the websense on the other discussion , can we doble check that the websense is reachable from the ASA and then focus on this..

Check this bug ID:CSCsx79354

Add url-block url-size, url-block url-mempool and add the filter command

with the cgi-truncate option


ex:

filter url 0 0 0 0 cgi-truncate

url-block url-mempool 5

url-block url-size 4


Even the though the page may load with the workaround above, the syslogs

(507003) may still continue to print.

So try the workaround as soon as you got the websense up ( if you keep getting those messages)

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

5 Replies 5

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎11-28-2012 05:21 PM

Hello,

What version are you running?

Are you using a websense?

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Go to solution
mahesh18
Level 6
Level 6
In response to Julio Carvajal

‎11-29-2012 07:29 AM

Hi Julio,

Version is

Cisco Adaptive Security Appliance Software Version 8.0(5)27

Yes we are using websense

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to mahesh18

‎11-29-2012 09:16 AM

Hello Mahesh,

Right now we are facing the issue with the websense on the other discussion , can we doble check that the websense is reachable from the ASA and then focus on this..

Check this bug ID:CSCsx79354

Add url-block url-size, url-block url-mempool and add the filter command

with the cgi-truncate option


ex:

filter url 0 0 0 0 cgi-truncate

url-block url-mempool 5

url-block url-size 4


Even the though the page may load with the workaround above, the syslogs

(507003) may still continue to print.

So try the workaround as soon as you got the websense up ( if you keep getting those messages)

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Go to solution
pedro.sanchez
Level 1
Level 1
In response to Julio Carvajal

‎11-10-2015 09:26 AM

we are running 

 Version 9.1(6) and we see the same error 

any insight will be greatly appreciate it 

0 Helpful

Go to solution
jhubel@midwave
Level 1
Level 1
In response to pedro.sanchez

‎02-18-2021 03:01 PM

Another case where the ASA will display the message "terminated by inspection engine" is when the FTP server's reply to the PASV command (which the client sends) contains a different IP address than the packets are coming from.  When the ASA sees the packets coming from one IP address and the PASV reply contain a different address in the control response, this will fail inspection and the ASA will reset the connection.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card