01-12-2022 09:12 PM
Hello,
I've been getting some alerts from an ASA indicating TCP Reset-I from outside.
Example log:
Teardown TCP connection ######### for outside: 106.75.227[.]154/42982 to identity:192.168.x.x/443 duration 0:00:01 bytes 4200 TCP Reset-I from outside.
I am aware that Reset-I indicates the connection being reset/dropped from inside. My question is, is this an error with the logging format or has anyone seen a "tcp reset-i from outside" before? I can't seem to find anybody who has had this issue.
Thanks
Edit: the actual "identity" IP is not a typical private IP (10.0.0.0, 192.168.0.0, etc)
01-13-2022 03:26 AM
TCP Reset-I
Means the connection was reset from the interface with the higher security level. Usually the inside interface. Normally this means an application layer issues.
check the Logs on this server :192.168.x.x/443 (what ever real one who sending this ? ) is this working internally ?
01-13-2022 07:08 AM
Thanks for your response. So just to clarify, Reset-i from outside indicates an application layer issue? I've only ever seen Reset-i from identity/inside etc. I am confused why it saying the connection was reset from the inside from the outside (essentially).
Thanks
01-13-2022 10:30 AM
Depends on your envrionment wherre source and destination resides, so check as suggested and Logs,
use packet tracer get more visibility.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide