05-05-2010 12:05 PM - last edited on 03-25-2019 05:44 PM by ciscomoderator
Hi,
Don't know if I'm being really dumb, but I've got an ASA set up as a VPN concentrator, which works fine. My issue is that the ASA is sending a RST/ACK packet back to a host when it's dropped by an ACL.
Has anyone come across this?
05-05-2010 12:09 PM
Hi,
Is the ASA doing TCP intercept for the inside hosts?
Federico.
05-05-2010 12:32 PM
I've not defined any TCP intercept parameters.
05-05-2010 12:46 PM
Hi Stephen,
By default "service resetoutbound" is enabled for all interfaces on the firewall. This command is used to enable resets for denied TCP connections. You can disable this by entering the following command in the config mode:
no service resetoutbound
More information can be found here:
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s1_72.html#wp1290652
HTH
Ashu
05-05-2010 12:57 PM
Many thanks