ASA sending RST packet

Answered Question
May 5th, 2010
Hi,


Don't know if I'm being really dumb, but I've got an ASA set up as a VPN concentrator, which works fine. My issue is that the ASA is sending a RST/ACK packet back to a host when it's dropped by an ACL.


Has anyone come across this?

Overall Rating: 5 (1 ratings)
Federico Coto F... Wed, 05/05/2010 - 12:09
Hi,


Is the ASA doing TCP intercept for the inside hosts?


Federico.

Correct Answer
astripat Wed, 05/05/2010 - 12:46
Hi Stephen,

By default "service resetoutbound" is enabled for all interfaces on the firewall. This command is used to enable resets for denied TCP connections. You can disable this by entering the following command in the config mode:


no service resetoutbound


More information can be found here:


http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s1_72.html#wp1290652



HTH


Ashu
