10-24-2007 07:42 AM - edited 03-11-2019 04:29 AM
Hi,
I'm having a problem with my ASA dropping TCP connections. I have a Websense box going to an ASA, then out to a Nokia/Checkpoint FW, and then to the outside. When I try pinging the outside, it works fine. However, as soon as I try any TCP traffic, the ASA blocks it. I checked the Checkpoint logs and everything is allowed to go through, but once it hits the ASA, it drops. I have all my interfaces set to allow all on the ASA, so I really can't see why it's doing this...
I attached a log file from my Websense box trying to access the internet. Anyone's help appreciated!
Thanks.
6 Oct 24 2007 11:18:42 106015 WEBSENSE 69.147.114.210 Deny TCP (no connection) from WEBSENSE/1118 to 69.147.114.210/80 flags RST on interface DMZ
10-30-2007 07:57 AM
Hi darkid123.
As described in the syslog reference for ASAs, it looks like asymmetric routing!?
106015
Error Message %PIX|ASA-6-106015: Deny TCP (no connection) from IP_address/port to IP_address/port flags tcp_flags on interface interface_name.
Explanation The security appliance discarded a TCP packet that has no associated connection in the security appliance connection table. The security appliance looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is not an existing connection, the security appliance discards the packet.
Recommended Action None required unless the security appliance receives a large volume of these invalid TCP packets. If this is the case, trace the packets to the source and determine the reason these packets were sent.
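Added example, not part of any post in this thread and not Cisco code: a small Python parser for the 106015 message quoted above that groups drops by source, destination and interface, which is the "trace the packets to the source" step from the Recommended Action. The function names, the threshold and every sample line except the first are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Message body of syslog 106015; matches raw syslog and the ASDM export form.
PATTERN = re.compile(
    r"Deny TCP \(no connection\) from (?P<src>\S+)/(?P<sport>\d+) "
    r"to (?P<dst>\S+)/(?P<dport>\d+) flags (?P<flags>[A-Z ]+?) "
    r"on interface (?P<ifc>\S+)"
)

def parse_106015(line):
    """Return the fields of one 106015 message, or None for any other line."""
    m = PATTERN.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    rec["flags"] = tuple(rec["flags"].split())
    return rec

def summarize(lines, threshold=3):
    """Group drops by (source, destination, interface); keep noisy groups."""
    counts, flags = Counter(), {}
    for line in lines:
        rec = parse_106015(line)
        if rec is None:
            continue
        key = (rec["src"], rec["dst"], rec["ifc"])
        counts[key] += 1
        flags.setdefault(key, set()).update(rec["flags"])
    return [(k, n, sorted(flags[k])) for k, n in counts.most_common() if n >= threshold]

# First line is the one posted in this thread; the rest are constructed samples.
SAMPLE = [
    "6 Oct 24 2007 11:18:42 106015 WEBSENSE 69.147.114.210 Deny TCP (no connection) from WEBSENSE/1118 to 69.147.114.210/80 flags RST on interface DMZ",
    "%ASA-6-106015: Deny TCP (no connection) from 198.51.100.7/443 to 192.0.2.10/51000 flags SYN ACK on interface outside",
    "%ASA-6-106015: Deny TCP (no connection) from 198.51.100.7/443 to 192.0.2.10/51001 flags SYN ACK on interface outside",
    "%ASA-6-106015: Deny TCP (no connection) from 198.51.100.7/443 to 192.0.2.10/51002 flags SYN ACK on interface outside",
    "%ASA-6-302013: Built outbound TCP connection 1234 for outside:198.51.100.7/443 (198.51.100.7/443) to inside:192.0.2.10/51000 (192.0.2.10/51000)",
]

if __name__ == "__main__":
    for key, n, seen in summarize(SAMPLE, threshold=2):
        print(key, n, seen)
```

A group whose flags include SYN and ACK means the appliance is receiving replies to SYNs it has no record of, which is typically what a return path that differs from the outbound path looks like in these logs.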
10-31-2007 07:42 AM
Websense is dropping your Yahoo website. Open Meebo.com.
- Dharmesh