Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
34222
Views
5
Helpful
1
Replies

TCP teardown by TCP Reset-O

jesper_petersen
Level 1
Level 1

‎08-30-2012 05:24 AM - edited ‎03-11-2019 04:47 PM

Hello folks

Can any of you help me interpret what the following log entry means (look at the description field)?

tcp_reset-o.png

Does the O in Reset stand for "outside" og "outgoing" or something else?

To me the the line says that 10.101.85.152 is sending the TCP RST packet. The firewall receives the packet and closes the connection. Am I correct?

Does the firewall notify the other end of the flow that the connection has been forcefully closed?

Now take a look at the image below. If I'm correct, then it appears that the client (10.101.85.152) is trying to use a connection that it had aldready closed the hard way? Or perhaps the underlying OS closed the connection without informing the application or the application ignored the nofitication?

tcp-noconn.png

Am I correct in my assumptions?

Any help is appreciated.

Best regards

Jesper

Labels:
0 Helpful
1 Reply 1

Jennifer Halim
Cisco Employee
Cisco Employee

‎08-30-2012 06:43 AM

Reset-O means that the Reset is from the Outside.

Here is the syslog messages for your reference:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/system/message/logmsgs_external_docbase_0900e4b18059d73b_4container_external_docbase_0900e4b180ef4f45.html#wp1280675

The logs means that the firewall already torn down the connection and it receives the ACK afterwards.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card