
ASA dropped package

cisco.xenpak1
Level 1

Hello,

We are running an ASA firewall system and getting

Teardown TCP connection 56410XXX for outside:XX.XX.XX.XX/1521 to  inside_demo003:XX.XX.XX.XX/1199 duration 0:00:00 bytes 3334 Flow closed by  inspection

Can anyone tell me for what kind of firewall discrepancy the "closed by inspection" message is sent by the ASA?

I checked the Cisco docs on here, but I just found some shallow info on this.

Maybe there is a larger style error table somewhere that I did not find yet.

It would also be great if someone could guide me a little bit more toward the valid reasons for which a packet can be dropped in the above case (packet inspection). Maybe there is a matrix for it.

Thx in advance

5 Replies

Hi,

This is a TCP connection being closed by the inspection on the ASA.

The ASA by default has a default inspection policy that you can check in your configuration, and it's applied globally.

sh run class-map

sh run policy-map

sh run service-policy

Is this connection for a particular TCP protocol?

Federico.

Panos Kampanakis
Cisco Employee

TCP port 1521 is protocol sqlnet. Probably sqlnet inspection is closing that connection.

You would need to check the "sh policy-map" as suggested.

If you have a sqlnet problem, check the ASA version; earlier 8.0 versions had a couple of defects with sqlnet inspection.

I hope it helps.

PK
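To see which service the ASA's inspection is closing flows for, the Teardown lines can be tallied by reason and port. The script below is an added example, not part of any reply in this thread; the sample log lines, addresses and connection ids are constructed, and the port-to-engine map holds only the 1521/sqlnet pairing named above.

```python
import re
from collections import Counter

# Field layout follows the Teardown line quoted in the question.
TEARDOWN = re.compile(
    r"Teardown TCP connection (?P<conn>\S+) for "
    r"(?P<a_if>[^:\s]+):(?P<a_ip>[^/\s]+)/(?P<a_port>\d+) to "
    r"(?P<b_if>[^:\s]+):(?P<b_ip>[^/\s]+)/(?P<b_port>\d+) "
    r"duration (?P<duration>\d+:\d\d:\d\d) bytes (?P<bytes>\d+) (?P<reason>.+)$"
)

# Only the pairing stated in the thread; extend it from your own "sh run policy-map".
PORT_TO_INSPECT = {1521: "sqlnet"}

def parse_teardown(line):
    """Return the fields of a Teardown TCP line as a dict, or None for other lines."""
    # Collapse runs of spaces first: the quoted log line contains double spaces.
    m = TEARDOWN.search(" ".join(line.split()))
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("a_port", "b_port", "bytes"):
        rec[key] = int(rec[key])
    return rec

def inspection_closures(lines):
    """Count flows closed by inspection, keyed by (service port, inspect engine)."""
    hits = Counter()
    for line in lines:
        rec = parse_teardown(line)
        if rec is None or rec["reason"].lower() != "flow closed by inspection":
            continue
        ports = (rec["a_port"], rec["b_port"])
        # Prefer a port with a known engine; otherwise assume the lower port is the service.
        port = next((p for p in ports if p in PORT_TO_INSPECT), min(ports))
        hits[(port, PORT_TO_INSPECT.get(port, "unknown"))] += 1
    return hits

# Constructed sample input (documentation addresses, made-up connection ids).
SAMPLE = [
    "Teardown TCP connection 1001 for outside:192.0.2.10/1521 to  inside_demo003:10.0.0.5/1199 duration 0:00:00 bytes 3334 Flow closed by  inspection",
    "Teardown TCP connection 1002 for outside:192.0.2.10/1521 to inside_demo003:10.0.0.5/1200 duration 0:00:01 bytes 120 Flow closed by inspection",
    "Teardown TCP connection 1003 for outside:192.0.2.20/443 to inside_demo003:10.0.0.6/40222 duration 0:01:10 bytes 9000 TCP FINs",
    "Teardown TCP connection 1004 for outside:198.51.100.7/2000 to inside_demo003:10.0.0.9/51000 duration 0:00:00 bytes 64 Flow closed by inspection",
    "Built inbound TCP connection 1005 for outside:192.0.2.30/1521 (192.0.2.30/1521) to inside_demo003:10.0.0.5/1201 (10.0.0.5/1201)",
]

if __name__ == "__main__":
    for (port, engine), count in inspection_closures(SAMPLE).most_common():
        print(f"port {port} ({engine}): {count} flow(s) closed by inspection")
```

A port that shows up with engine "unknown" is the cue to compare it against the inspect entries in the running policy-map.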

Hello,

how to find the

8.0(4.43)
        ^^^^ number behind a version ?

When I go to the software download page of Cisco, I just get offered

8.0.4 ED without any of the .43 number shown.

How to find out what release Cisco lets you download under 8.0.4 ED ???

Regards

8.0.4 interim is at asa804-48-k8.bin.

You need to open a TAC case and have the engineer publish the code for you.

-KS
