Strange response from ASA

Unanswered Question
Mar 25th, 2009
User Badges:

We have two identical ASA 5540s on our Border.

If we try to connect to a host protected by one of the ASA's on a port that is not permitted for this host, this results in a brief connection; the connection is then immediately closed- see below:

...$ telnet 24

Trying x.x.x.10...

Connected to

Escape character is '^]'.

Connection closed by foreign host.

If we move the routing for this same host to the other ASA -which has the same rules and settings as the first ASA- we do not get this result; no connection is opened.

We can't figure out what is causing this.

Anyone else seen anything like this?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
lynne.meeks Thu, 03/26/2009 - 04:35
User Badges:

I've looked at the config and there is nothing that should respond on TCP port 24 for that IP address.

Yesterday we moved the routing for this host to another ASA with an identical configuration with respect to all rules for this host and all inspect commands - and the problem went away.

So I'm thinking it is not a configuration issue... Strange, huh?

lynne.meeks Thu, 03/26/2009 - 04:49
User Badges:

Solution found: We reloaded the firewall and this behavior went away.

The last time this box was reloaded was just after we had located and stopped some malware traffic that was causing severe memory overload on the FW and causing it to stop passing traffic.

So perhaps there was still some memory corruption from that event- that's my best guess for now.




This Discussion