
TCP Reset-O - which is the outside interface?

tom.kivlin
Level 1

Hi all,

I'm troubleshooting a peculiar problem and have got to the firewall logs and have confused myself. Here is the specific output that I'm referring to:

2011-11-14 11:42:16         Local4.Info            x.x.x.x        Nov 14 2011 11:42:16: %ASA-6-302014: Teardown TCP connection 3510106301 for INT-AAAA:a.a.a.a/54534 to INT-BBBB:b.b.b.b/443 duration 0:00:04 bytes 108 TCP Reset-O 

The "TCP Reset-O", from what I've read, means that the reset was received on the outside interface, so was generated by something on that interface, correct?

The problem is, both of those interfaces have the same security level of 100, and the "Enable traffic between two or more interfaces which are configured with the same security level" option is enabled - this reset is an intermittent thing for a particular TCP stream, not for everything.

Is there any other way of determining which interface is classed as the 'outside' with regard to the Reset-O (and Reset-I) commands, when both interfaces share the same security level?

Thanks in advance,

Tom

1 Reply

Maykol Rojas
Cisco Employee

If you place a capture, you will be able to see which one is sending the RST packet.

https://supportforums.cisco.com/docs/DOC-1222

You will be able to see an R flag that will tell you which one is sending the packet.

Mike
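
One way to read the captures suggested in the reply, as an added example that is not part of the original thread: it scans capture text taken on each interface for packets carrying the R flag and reports the source of each reset and the interface that logged it first. It assumes the tcpdump-style text that `show capture` prints; the function names and the sample packets (documentation addresses standing in for a.a.a.a and b.b.b.b) are constructed for illustration.

```python
import re

# One packet line of tcpdump-style capture text (format assumed), e.g.
#   "   3: 11:42:16.204410 198.51.100.20.443 > 192.0.2.10.54534: R 901:901(0) win 0"
PKT = re.compile(
    r"^\s*\d+:\s+(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+(?P<flags>[SFPRWE.]+)\s"
)

def find_resets(capture_text):
    """Return one dict per packet whose TCP flags field contains R."""
    resets = []
    for line in capture_text.splitlines():
        m = PKT.match(line)
        if m and "R" in m.group("flags"):
            resets.append({k: m.group(k) for k in ("ts", "src", "sport", "dst", "dport")})
    return resets

def reset_senders(captures):
    """captures maps interface name -> capture text.
    Returns {(src, sport, dst, dport): (interface, ts)}. The RST's source is the
    sender; the interface that logged it earliest is taken as its arrival side.
    Timestamps are compared as strings, so captures must not span midnight."""
    seen = {}
    for ifname, text in captures.items():
        for r in find_resets(text):
            key = (r["src"], r["sport"], r["dst"], r["dport"])
            if key not in seen or r["ts"] < seen[key][1]:
                seen[key] = (ifname, r["ts"])
    return seen

# Constructed sample: the same flow captured on both interfaces named in the log.
SAMPLE = {
    "INT-AAAA": """\
   1: 11:42:12.101200 192.0.2.10.54534 > 198.51.100.20.443: S 100:100(0) win 8192 <mss 1460>
   2: 11:42:12.102950 198.51.100.20.443 > 192.0.2.10.54534: S 900:900(0) ack 101 win 14600 <mss 1460>
   3: 11:42:16.204410 198.51.100.20.443 > 192.0.2.10.54534: R 901:901(0) win 0
""",
    "INT-BBBB": """\
   1: 11:42:12.101260 192.0.2.10.54534 > 198.51.100.20.443: S 100:100(0) win 8192 <mss 1460>
   2: 11:42:12.102900 198.51.100.20.443 > 192.0.2.10.54534: S 900:900(0) ack 101 win 14600 <mss 1460>
   3: 11:42:16.204350 198.51.100.20.443 > 192.0.2.10.54534: R 901:901(0) win 0
""",
}

if __name__ == "__main__":
    for (src, sport, dst, dport), (ifname, ts) in reset_senders(SAMPLE).items():
        print(f"RST from {src}:{sport} to {dst}:{dport}, first seen on {ifname} at {ts}")
```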
