Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
32851
Views
5
Helpful
1
Replies

TCP teardown by TCP Reset-O

jesper_petersen
Beginner
Beginner

‎08-30-2012 05:24 AM - edited ‎03-11-2019 04:47 PM

Hello folks

Can any of you help me interpret what the following log entry means (look at the description field)?

tcp_reset-o.png

Does the O in Reset stand for "outside" og "outgoing" or something else?

To me the the line says that 10.101.85.152 is sending the TCP RST packet. The firewall receives the packet and closes the connection. Am I correct?

Does the firewall notify the other end of the flow that the connection has been forcefully closed?

Now take a look at the image below. If I'm correct, then it appears that the client (10.101.85.152) is trying to use a connection that it had aldready closed the hard way? Or perhaps the underlying OS closed the connection without informing the application or the application ignored the nofitication?

tcp-noconn.png

Am I correct in my assumptions?

Any help is appreciated.

Best regards

Jesper

Labels:
0 Helpful
1 Reply 1

Jennifer Halim
Cisco Employee
Cisco Employee

‎08-30-2012 06:43 AM

Reset-O means that the Reset is from the Outside.

Here is the syslog messages for your reference:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/system/message/logmsgs_external_docbase_0900e4b18059d73b_4container_external_docbase_0900e4b180ef4f45.html#wp1280675

The logs means that the firewall already torn down the connection and it receives the ACK afterwards.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents