on last Friday, I saw this line in ASA logs
2009-02-20 08:52:57 Local4.Critical 1 %ASA-2-106001: Inbound TCP connection denied from <SPECIFIC PUBLIC ADDRESS>/80 to <ASA INSIDE HOST>/32622 flags FIN ACK on interface outside
This in not the only line, but ASA INSIDE HOST is always the same. It is mainly TCP connections with specific flags, that ASA is dropping on outside interface (we have also IPS module but connection is not coming to the IPS, it is dropped on outside) but there is also some UDP connection. In Fridey, there was scanning for about two hours.
Also, one a month, all VPNs that is terminated on ASA is dropped, and I need to reload device for VPNs to work again.
Is anybody have some experience with this? Could it be that scanning can be related to VPNs drop?
Thanks in advance