TCP RESET -I Cisco ASA 5505 running 823-k8

aaziz2016
Level 1

Hello, newbie here.

I am dealing with a client who has a Cisco ASA 5505, and we use an rsync_wrapper that basically sends their data over the wire to our data center. This is the only client where we are running into the following issue:

"Teardown TCP connection 165389991 for outside:162.x.x.x/4018 to inside:192.168.0.226/55016 duration 0:39:54 bytes 90011062 TCP Reset-I"

Some more:

We then see the firewall destroy the connection:
2016-05-18 01:50:15   Local4.Info      192.168.0.2     %ASA-6-302014: Teardown TCP connection 165427669 for outside:162.x.x.x/4018 to inside:192.168.0.226/55152 duration 1:05:22 bytes 481879286 TCP Reset-I
 
Followed by a session recreation:
2016-05-18 01:50:31   Local4.Info      192.168.0.2     %ASA-6-302013: Built outbound TCP connection 165460204 for outside:162.x.x.x/4018 (162.x.x.x/4018) to inside:192.168.0.226/55301 (172.16.10.75/29672)
 

The rsync gets restarted when it tries to scan and send large EDB databases; it keeps resetting every 30 min or so. I am puzzled and can't seem to find a possible solution. Our rsync_wrapper simply sends data to 162.x.x.x using port 4018. I am confident that it is the ASA, because if I replace it with any other basic firewall, it simply just works.

Any help will be highly appreciated.

Arsi


aaziz2016
Level 1

Any clues, please?

Hi,

Based on the syslog message 302014, it looks like the host on the inside is sending a reset, and that is what is causing the ASA to clear the session.

Now, you have mentioned that replacing the ASA with another firewall resolves the problem. Can you verify and share what changes in the traffic flow when you replace the firewall? Also check the internal host logs to identify the reason for the disconnection.

I have personally seen some issues where a timeout on the application causes the reset of the connection, so you can try running Wireshark for the entire session on the end client and check what happens just before the reset of the connection. If you notice latency causing the reset of the connection, then you can tweak the timeout on the application.

Based on the syslog, the issue seems to be with the internal host.

Hope it helps.

RS

Rate if it helps.
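
The reply above attributes the reset by reading the teardown reason at the end of the 302014 message. As an added example (not part of the original thread), this Python script parses such lines and tallies the reasons per flow; the first two sample lines are quoted from the thread, the last two are constructed, and the reason descriptions follow Cisco's syslog documentation.

```python
import re
from collections import Counter
from datetime import timedelta

# Lines 1-2 are quoted from the thread; lines 3-4 are constructed for illustration.
SAMPLE = """\
2016-05-18 01:50:15 Local4.Info 192.168.0.2 %ASA-6-302014: Teardown TCP connection 165427669 for outside:162.x.x.x/4018 to inside:192.168.0.226/55152 duration 1:05:22 bytes 481879286 TCP Reset-I
2016-05-18 01:50:31 Local4.Info 192.168.0.2 %ASA-6-302013: Built outbound TCP connection 165460204 for outside:162.x.x.x/4018 (162.x.x.x/4018) to inside:192.168.0.226/55301 (172.16.10.75/29672)
2016-05-18 02:30:25 Local4.Info 192.168.0.2 %ASA-6-302014: Teardown TCP connection 165460204 for outside:162.x.x.x/4018 to inside:192.168.0.226/55301 duration 0:39:54 bytes 90011062 TCP Reset-I
2016-05-18 03:40:00 Local4.Info 192.168.0.2 %ASA-6-302014: Teardown TCP connection 165470001 for outside:162.x.x.x/4018 to inside:192.168.0.226/55410 duration 1:00:00 bytes 1200 Conn-timeout
"""

# Common 302014 teardown reasons and what they say about who ended the flow.
REASONS = {
    "TCP Reset-I": "reset was from the inside",
    "TCP Reset-O": "reset was from the outside",
    "TCP FINs": "normal close-down sequence",
    "Conn-timeout": "ASA inactivity timer expired",
    "SYN Timeout": "three-way handshake never completed",
}

TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (?P<id>\d+) for "
    r"(?P<a_if>[^:\s]+):(?P<a_ip>[^/\s]+)/(?P<a_port>\d+) to "
    r"(?P<b_if>[^:\s]+):(?P<b_ip>[^/\s]+)/(?P<b_port>\d+) "
    r"duration (?P<dur>\d+:\d\d:\d\d) bytes (?P<bytes>\d+) (?P<reason>.+?)\s*$"
)

def parse_teardowns(text):
    """Return one dict per 302014 line; other messages (e.g. 302013) are skipped."""
    out = []
    for line in text.splitlines():
        m = TEARDOWN.search(line)
        if not m:
            continue
        h, mi, s = map(int, m["dur"].split(":"))
        out.append({
            "conn_id": int(m["id"]),
            "flow": f'{m["b_if"]}:{m["b_ip"]} -> {m["a_if"]}:{m["a_ip"]}/{m["a_port"]}',
            "duration": timedelta(hours=h, minutes=mi, seconds=s),
            "bytes": int(m["bytes"]),
            "reason": m["reason"],
        })
    return out

def count_reasons(teardowns):
    return Counter(t["reason"] for t in teardowns)

if __name__ == "__main__":
    for t in parse_teardowns(SAMPLE):
        print(t["conn_id"], t["flow"], t["duration"], t["bytes"], t["reason"],
              "=>", REASONS.get(t["reason"], "see Cisco syslog reference"))
```

A run dominated by `TCP Reset-I` points at the inside endpoint or its application, while `Conn-timeout` would point at the ASA's idle timer instead.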

Did you check TCP timeouts?

Maybe the session is idle for long enough to trigger a timeout.

Hi Massimo,

Thank you for the response. TCP timeout was the first thing I set to 4 hours, but unfortunately it is still happening.

Arsi
