Error on my ASA 5500

Unanswered Question
Aug 17th, 2007

"106001: Inbound TCP connection denied from host(x.x.x.x), to websense flags SYN on interface inside", this is the error i am getting on my ASA 5500, could you please suggest me whats this? and how i solve it?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
spremkumar Sun, 08/19/2007 - 20:11


hope this helps.

1. %PIX-2-106001: Inbound TCP connection denied from IP_address/port to IP_address/port flags tcp_flags on interface interface_name

This is a connection-related message. This message occurs when an attempt to connect to an inside address is denied by your security policy. Possible tcp_flags values correspond to the flags in the TCP header that were present when the connection was denied. For example, a TCP packet arrived for which no connection state exists in the PIX Firewall, and it was dropped. The tcp_flags in this packet are FIN and ACK. The tcp_flags are as follows: - ACK-The acknowledgment number was received. - FIN-Data was sent. - PSH-The receiver passed data to the application. - RST-The connection was reset. - SYN-Sequence numbers were synchronized to start a connection. - URG-The urgent pointer was declared valid.

Recommended Action: None required. Error Message %PIX-2-106002: protocol Connection denied by outbound list acl_ID src inside_address dest outside_address


mukundpalsikar Tue, 08/21/2007 - 07:44

Hi Prem

I have opend the all ports in ACL, for this host, but its not working, as our main problem is websense is unable to disply the block page message on the system when user try to access the blocked websites that websense should do but ueser getting the "page cannot be displyed message instead". please help me.

hjerrold1 Wed, 08/22/2007 - 06:31

check that your routing is symetric. many times this error and others like it are caused by asymetric routing.


This Discussion