ASA sending RST packet

Answered Question
May 5th, 2010

Hi,

Don't know if I'm being really dumb, but I've got an ASA set up as a VPN concentrator, which works fine. My issue is that the ASA is sending a RST/ACK packet back to a host when it's dropped by an ACL.

Has anyone come across this?

Correct Answer by astripat about 6 years 8 months ago

Hi Stephen,

By default "service resetoutbound" is enabled for all interfaces on the firewall. This command is used to enable resets for denied TCP connections. You can disable this by entering the following command in the config mode:

no service resetoutbound

More information can be found here:

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s1_72.html#wp1290652

HTH

Ashu
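A configuration audit for the setting described in this answer, as an added example that is not part of the original thread and not Cisco tooling: because the answer states the setting is on by default, a search for "service resetoutbound" alone cannot tell whether resets are being sent, so the check has to treat a missing line as enabled. The function name, the sample configurations (constructed) and the rule that a later line overrides an earlier one in pasted command sequences are assumptions.

```python
import re

# Matches the two global forms quoted in the answer. Anything after the
# keyword (for example an interface scope) is captured so that it can be
# flagged for manual review instead of being interpreted.
_LINE = re.compile(r"^(no\s+)?service\s+resetoutbound\b(.*)$")

# Constructed sample configurations, not taken from a real device.
SAMPLE_DEFAULT = """hostname asa-example
! constructed sample: no explicit resetoutbound line
access-list outside_in extended deny tcp any any eq 23
"""
SAMPLE_DISABLED = SAMPLE_DEFAULT + "no service resetoutbound\n"


def resetoutbound_state(config_text):
    """Return (enabled, source, unparsed) for an ASA configuration dump.

    enabled  -- True if resets for denied TCP connections are globally on
    source   -- "default" or the configuration line that decided the state
    unparsed -- matching lines with extra arguments, left for manual review
    """
    # Default is enabled, per the answer above.
    enabled, source, unparsed = True, "default", []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = _LINE.match(line)
        if not m:
            continue
        if m.group(2).strip():
            unparsed.append(line)
            continue
        # Assumption: when both forms appear, the later line wins.
        enabled = m.group(1) is None
        source = line
    return enabled, source, unparsed


if __name__ == "__main__":
    for name, cfg in (("default", SAMPLE_DEFAULT), ("disabled", SAMPLE_DISABLED)):
        enabled, source, unparsed = resetoutbound_state(cfg)
        verdict = "RST sent on deny" if enabled else "denied TCP dropped silently"
        print(f"{name}: {verdict} (decided by: {source}; review: {unparsed})")
```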
