syslog %ASA-6-106015

Unanswered Question
Mar 25th, 2009
User Badges:

getting from syslog from CISCO ASA

%ASA-6-106015: Deny TCP (no connection) from to flags ACK on interface inside

It is some thing that I should be concerned ? Or How to fix it.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Patrick Iseli Wed, 03/25/2009 - 18:13
User Badges:
  • Gold, 750 points or more

Depends how many of them you get.

Basicly there is no entry in the stateful firewall table of an initial SYN request so the Firewall is refusing the connection.


a.) Asymetric routing

b.) timout issues

Error Message %PIX|ASA-6-106015: Deny TCP (no connection) from IP_address/port to

IP_address/port flags tcp_flags on interface interface_name.

Explanation The security appliance discarded a TCP packet that has no associated connection in the security appliance connection table. The security appliance looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is not an existing connection, the security appliance discards the packet.

Recommended Action None required unless the security appliance receives a large volume of these invalid TCP packets. If this is the case, trace the packets to the source and determine the reason these packets were sent.




This Discussion