Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1050
Views
10
Helpful
3
Replies

AnyConnect sessions ending with "Flow closed by inspection"

CiscoMedMed
Level 1
Level 1

‎02-15-2022 03:29 PM

I am troubleshooting an issue and trying to determine if these log messages are just a red herring - or possibly causing a problem. It looks like they all occur at a little over 2 minutes duration. Perhaps they are related to some kind of default? Any insight appreciated.

 

6|Feb 15 2022|12:05:27|302014|10.11.111.78|52024|12.2.86.151|443|Teardown TCP connection 2620621225 for OUTSIDE:10.11.111.78/52024(LOCAL\krally4) to OUTSIDE:12.2.86.151/443 duration 0:02:11 bytes 114766 Flow closed by inspection (krally4)
6|Feb 15 2022|12:05:27|302014|10.11.111.78|52028|12.2.86.151|443|Teardown TCP connection 2620621581 for OUTSIDE:10.11.111.78/52028(LOCAL\krally4) to OUTSIDE:12.2.86.151/443 duration 0:02:10 bytes 40216 Flow closed by inspection (krally4)
6|Feb 15 2022|12:05:27|302014|10.11.111.78|52027|12.2.86.151|443|Teardown TCP connection 2620621580 for OUTSIDE:10.11.111.78/52027(LOCAL\krally4) to OUTSIDE:12.2.86.151/443 duration 0:02:10 bytes 174898 Flow closed by inspection (krally4)
6|Feb 15 2022|12:05:27|302014|10.11.111.78|52029|12.2.86.151|443|Teardown TCP connection 2620621584 for OUTSIDE:10.11.111.78/52029(LOCAL\krally4) to OUTSIDE:12.2.86.151/443 duration 0:02:10 bytes 23913 Flow closed by inspection (krally4)
6|Feb 15 2022|12:05:27|302014|10.11.111.78|52026|12.2.86.151|443|Teardown TCP connection 2620621579 for OUTSIDE:10.11.111.78/52026(LOCAL\krally4) to OUTSIDE:12.2.86.151/443 duration 0:02:10 bytes 37857 Flow closed by inspection (krally4)

Labels:
3 Replies 3

MHM Cisco World
VIP
VIP

‎02-15-2022 04:22 PM

Are you config U-trun Out-Out VPN ?

0 Helpful

CiscoMedMed
Level 1
Level 1
In response to MHM Cisco World

‎02-15-2022 04:57 PM

This is U Turn traffic. They way I did it was to create a NAT rule for traffic destined for this address and I added the address to the split tunnel definition. Is there more to configure for Out-Out VPN?

MHM Cisco World
VIP
VIP
In response to CiscoMedMed

‎02-15-2022 05:35 PM

For vpn u-turn split tunnel there is no need NAT.

This doc. From  cisco see how config u turn with splittunnel.  

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100918-asa-sslvpn-00.html

0 Helpful
Customers Also Viewed These Support Documents