Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1640
Views
0
Helpful
2
Replies

TCP Reset -I ASA Packet capture output and Mac address info

Go to solution
mahesh18
Level 6
Level 6

‎07-17-2015 01:23 PM - edited ‎03-11-2019 11:17 PM

 

Hi Everyone,

 

I was troubleshooting the ASA issue where user was getting TCP reset I

I did packet capture on both directions and when i check packet detail it showed vlan info and 2 mac addresses with message FLAG R.

I found that first mac address  and vlan info was of next hop IP address and second mac address was of another firewall which was sending the Reset.

 

Need to confirm with experts here that TCP Reset I always show mac address of next hop and device which send the request?

 

Regards

MAhesh

 

 

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Vibhor Amrodia
Cisco Employee
Cisco Employee

‎07-17-2015 10:07 PM

Hi,

So , what you would have seen would be Src/Dest IP address , Src/Dest MAC address.

Now , if the Source VLAN from where the RESET is coming is in the same subnet as the ASA interface on which the traffic is seen , then the SOURCE VLAN device is sending the RESET otherwise if the SOURCE VLAN information is in different Subnet , then the RESET is being relayed by the L3 Hop in between.

If you can post the actual logs or snap , i would be able to relate it in a better way for you.
FYI:- TCP RESET-I will only be seen when the RESET flag is received from the device on the higher Security Interface.

Thanks and Regards,

Vibhor Amrodia

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Vibhor Amrodia
Cisco Employee
Cisco Employee

‎07-17-2015 10:07 PM

Hi,

So , what you would have seen would be Src/Dest IP address , Src/Dest MAC address.

Now , if the Source VLAN from where the RESET is coming is in the same subnet as the ASA interface on which the traffic is seen , then the SOURCE VLAN device is sending the RESET otherwise if the SOURCE VLAN information is in different Subnet , then the RESET is being relayed by the L3 Hop in between.

If you can post the actual logs or snap , i would be able to relate it in a better way for you.
FYI:- TCP RESET-I will only be seen when the RESET flag is received from the device on the higher Security Interface.

Thanks and Regards,

Vibhor Amrodia

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Vibhor Amrodia

‎07-28-2015 11:23 AM

Many thanks

 

MAhesh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card