Strange response from ASA

Unanswered Question
Mar 25th, 2009

We have two identical ASA 5540s on our Border.

If we try to connect to a host protected by one of the ASA's on a port that is not permitted for this host, this results in a brief connection; the connection is then immediately closed- see below:

...$ telnet host.domain.edu 24

Trying x.x.x.10...

Connected to host.domain.edu.

Escape character is '^]'.

Connection closed by foreign host.

If we move the routing for this same host to the other ASA -which has the same rules and settings as the first ASA- we do not get this result; no connection is opened.

We can't figure out what is causing this.

Anyone else seen anything like this?

thanks,

Lynne

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
lynne.meeks Thu, 03/26/2009 - 04:35

I've looked at the config and there is nothing that should respond on TCP port 24 for that IP address.

Yesterday we moved the routing for this host to another ASA with an identical configuration with respect to all rules for this host and all inspect commands - and the problem went away.

So I'm thinking it is not a configuration issue... Strange, huh?

lynne.meeks Thu, 03/26/2009 - 04:49

Solution found: We reloaded the firewall and this behavior went away.

The last time this box was reloaded was just after we had located and stopped some malware traffic that was causing severe memory overload on the FW and causing it to stop passing traffic.

So perhaps there was still some memory corruption from that event- that's my best guess for now.

thanks-

Lynne

Actions

Login or Register to take actions

This Discussion

Posted March 25, 2009 at 5:00 AM
Stats:
Replies:3 Avg. Rating:
Views:101 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard

Rank Username Points
1 7,866
2 6,140
3 3,170
4 1,473
5 1,446