Help on TCP-RST I from outside

rdenney
Level 1

Hello,

I've been getting some alerts from an ASA indicating TCP Reset-I from outside.

Example log:

Teardown TCP connection ######### for outside: 106.75.227[.]154/42982 to identity:192.168.x.x/443 duration 0:00:01 bytes 4200 TCP Reset-I from outside.

I am aware that Reset-I indicates the connection being reset/dropped from inside. My question is, is this an error with the logging format or has anyone seen a "tcp reset-i from outside" before? I can't seem to find anybody who has had this issue.

Thanks

Edit: the actual "identity" IP is not a typical private IP (10.0.0.0, 192.168.0.0, etc)

3 Replies

balaji.bandi
Hall of Fame

TCP Reset-I means the connection was reset from the interface with the higher security level, usually the inside interface. Normally this means an application layer issue.

Check the logs on this server: 192.168.x.x/443 (whatever the real one is that is sending this). Is this working internally?

 

BB


Thanks for your response. So just to clarify, Reset-i from outside indicates an application layer issue? I've only ever seen Reset-i from identity/inside etc. I am confused why it is saying the connection was reset from the inside from the outside (essentially).

Thanks

Depends on your environment, where source and destination reside, so check as suggested and the logs.

Use packet tracer to get more visibility.


BB
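
As an added example (not part of any post in this thread, and not Cisco code): a small Python parser for teardown lines of the shape quoted in the question, which separates the teardown reason from the trailing `from <interface>` field so the combinations can be counted across a log export. The field layout is assumed from that one quoted line; the sample lines and names such as `parse_teardown` are constructed for illustration.

```python
import re
from collections import Counter

# Layout assumed from the log line quoted in the question:
#   Teardown TCP connection <id> for <if>:<addr>/<port> to <if>:<addr>/<port>
#   duration <h:mm:ss> bytes <n> [<reason> [from <interface>]]
TEARDOWN = re.compile(
    r"Teardown TCP connection (?P<conn>\S+) for "
    r"(?P<src_if>[^:\s]+):\s*(?P<src_ip>[^/\s]+)/(?P<src_port>\d+) to "
    r"(?P<dst_if>[^:\s]+):\s*(?P<dst_ip>[^/\s]+)/(?P<dst_port>\d+) "
    r"duration (?P<duration>\d+:\d\d:\d\d) bytes (?P<bytes>\d+)"
    r"(?: (?P<reason>.+?))?(?: from (?P<initiator>\S+?))?\.?\s*$"
)

def parse_teardown(line):
    """Return the fields of one teardown line as a dict, or None if no match."""
    m = TEARDOWN.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("src_port", "dst_port", "bytes"):
        rec[key] = int(rec[key])
    # Derived field: which end of the connection the trailing interface names.
    rec["initiator_side"] = {rec["src_if"]: "source",
                             rec["dst_if"]: "destination"}.get(rec["initiator"])
    return rec

def tally(lines):
    """Count (reason, trailing interface) pairs over the teardown lines."""
    counts = Counter()
    for line in lines:
        rec = parse_teardown(line)
        if rec is not None:
            counts[(rec["reason"], rec["initiator"])] += 1
    return counts

# Constructed sample lines (documentation-range addresses, made-up ids).
SAMPLE = [
    "Teardown TCP connection 1001 for outside:203.0.113.10/42982 to "
    "identity:198.51.100.5/443 duration 0:00:01 bytes 4200 TCP Reset-I from outside.",
    "Teardown TCP connection 1002 for outside:203.0.113.11/51000 to "
    "inside:198.51.100.6/443 duration 0:00:05 bytes 900 TCP Reset-I from inside",
    "Teardown TCP connection 1003 for outside:203.0.113.12/51001 to "
    "inside:198.51.100.6/443 duration 0:01:00 bytes 12000 TCP FINs",
    "Built inbound TCP connection 1004 for outside:203.0.113.13/40000",
]

if __name__ == "__main__":
    for (reason, initiator), n in tally(SAMPLE).most_common():
        print(f"{n:3d}  reason={reason!r}  from={initiator!r}")
```

Grouping on the pair rather than on the reason alone shows how often a given reason appears with each trailing interface, which is the combination the question asks about.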
