Firewall tear down of connection

Unanswered Question
Aug 1st, 2009

Hi,

I have a query regarding firewalls tearing down the connections.

I was testing one of my webservers, and the connection works fine. When I look at the logs in the firewall for this connection, it shows the below:

|Aug 01 2009 14:13:21|302013: Built inbound TCP connection 12379739847949979872 for VPN:192.168.100.249026 (192.168.100.2/49026) to APP:192.168.200.10/7014 (192.168.200.10/7014)

Aug 01 2009 14:13:23|302014: Teardown TCP connection 12379739847949979839 for VPN:192.168.100.249026to APP:192.168.200.10/7014 duration 0:00:03 bytes 15106 TCP FINs

Why does the firewall build and then immediately (within 3 secs) try to break the connection, as seen above? But even so, the web page works fine and I am able to use it.

Please advise.

Thanks!

Kureli Sankar Mon, 08/03/2009 - 19:09

Tear down reason TCP FINs means that the connection was gracefully closed.

You need to collect captures to see exactly what happens and who sends the first FIN ACK.

Here is the link to the syslog that you are seeing:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/system/message/logmsgs_external_docbase_0900e4b1804ca185_4container_external_docbase_0900e4b1805ba0fa.html#wp1280675
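
An added example, not part of the original thread: a small parser that reads 302014 teardown lines and separates graceful `TCP FINs` closes from the ones that warrant a packet capture. The sample lines are constructed in the layout shown in the question, and the reason strings other than `TCP FINs` are not from this thread; they are assumed from Cisco's documentation of message 302014.

```python
import re

# Teardown reasons as listed in Cisco's description of syslog message 302014
# (assumption: only "TCP FINs" appears in this thread).
REASONS = {
    "TCP FINs": "graceful",     # normal close-down sequence
    "TCP Reset-I": "reset",     # RST came from the inside
    "TCP Reset-O": "reset",     # RST came from the outside
    "SYN Timeout": "timeout",   # three-way handshake never completed
}

TEARDOWN = re.compile(
    r"302014: Teardown TCP connection (?P<conn>\d+) for "
    r"(?P<src_if>[^:\s]+):(?P<src>\S+?)/(?P<sport>\d+) to "
    r"(?P<dst_if>[^:\s]+):(?P<dst>\S+?)/(?P<dport>\d+) "
    r"duration (?P<dur>\d+:\d\d:\d\d) bytes (?P<bytes>\d+) (?P<reason>.+?)\s*$"
)

# Constructed sample lines in the layout shown in the question (not real logs).
SAMPLE = """\
Aug 01 2009 14:13:23|302014: Teardown TCP connection 1001 for VPN:192.168.100.2/49026 to APP:192.168.200.10/7014 duration 0:00:03 bytes 15106 TCP FINs
Aug 01 2009 14:13:40|302014: Teardown TCP connection 1002 for VPN:192.168.100.2/49027 to APP:192.168.200.10/7014 duration 0:00:00 bytes 0 TCP Reset-O
Aug 01 2009 14:14:10|302014: Teardown TCP connection 1003 for VPN:192.168.100.2/49028 to APP:192.168.200.10/7014 duration 0:00:30 bytes 0 SYN Timeout
Aug 01 2009 14:14:11|302013: Built inbound TCP connection 1004 for VPN:192.168.100.2/49029 (192.168.100.2/49029) to APP:192.168.200.10/7014 (192.168.200.10/7014)
"""

def classify(line):
    """Parse one 302014 line; return None for any other message."""
    m = TEARDOWN.search(line)
    if m is None:
        return None
    h, mnt, s = (int(x) for x in m["dur"].split(":"))
    return {
        "conn": m["conn"],
        "src": f'{m["src_if"]}:{m["src"]}/{m["sport"]}',
        "dst": f'{m["dst_if"]}:{m["dst"]}/{m["dport"]}',
        "seconds": h * 3600 + mnt * 60 + s,
        "bytes": int(m["bytes"]),
        "reason": m["reason"],
        "kind": REASONS.get(m["reason"], "unknown"),
    }

def needs_review(log_text):
    """Return the teardowns that were not a graceful FIN close."""
    parsed = (classify(line) for line in log_text.splitlines())
    return [p for p in parsed if p and p["kind"] != "graceful"]

if __name__ == "__main__":
    for p in needs_review(SAMPLE):
        print(p["conn"], p["src"], "->", p["dst"], p["reason"], f'({p["kind"]})')
```

A short-lived connection that ends with `TCP FINs` and a non-zero byte count, like the one in the question, is filtered out as a normal close.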