Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
202
Views
0
Helpful
2
Replies

Teardown TCP Connection on ASA

tanmoymm91
Level 1
Level 1

‎05-03-2024 05:49 AM

Hi Network Greats,

I observed below syslog events on one of ASA device .

<190>May 03 2024 12:19:10 ICRA-ASA-PRI : %ASA-6-302016: Teardown UDP connection 9832480 for OUTSIDE:65.49.1.115/55845 to identity:10.10.100.4/500 duration 0:02:24 bytes 608

Does this signify that the connection was built out on ASA or connection was terminated.

What the exact difference between deny and tear down?

 Thanks,

 

 

0 Helpful
2 Replies 2

MHM Cisco World
VIP
VIP

‎05-03-2024 06:08 AM

These are different

Deny permit is for ACL

Teardown or build connection is for CONN table'

Now what you see is traffic from outside to identity (i.e. ASA itself) and traffic is UDP and port is 500 i.e. it is IPSec VPN port' and traffic is teardown i.e. the VPN is down for reason

MHM

0 Helpful

Jerome BERTHIER
Level 1
Level 1

‎05-06-2024 10:06 AM

Hi

This syslog event indicates that the state of an UDP "session" was deleted from the connection state of the ASA.

Here the documentation : https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs3.html#con_4770749

You can use the command "sh conn" to check the connection states.

Regards

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card