Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7659
Views
5
Helpful
4
Replies

ASA sending RST packet

Go to solution
stephen.baugh
Level 1
Level 1

‎05-05-2010 12:05 PM - last edited on ‎03-25-2019 05:44 PM by Community Manager

Hi,

Don't if im being really dumb, but ive got an ASA setup as VPN concentrator. Which works fine, my issue is that the ASA is sending a RST/ACK packet back to a host when it's dropped by an ACL.

Has anyone come accross this ?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
astripat
Level 1
Level 1
In response to stephen.baugh

‎05-05-2010 12:46 PM

Hi Stephen

,

By default "service resetoutbound" is enabled for all interfaces on the firewall. This command is used to enable resets for denied TCP connections. You can disbale this by entering the following command in the config mode:

no service resetoutbound

More information can be found here:

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s1_72.html#wp1290652

HTH

Ashu

View solution in original post

4 Replies 4

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎05-05-2010 12:09 PM

Hi,

Is the ASA doing TCP intercept for the inside hosts?

Federico.

0 Helpful

Go to solution
stephen.baugh
Level 1
Level 1
In response to Federico Coto Fajardo

‎05-05-2010 12:32 PM

ive not defined any tcp intercept parameters

0 Helpful

Go to solution
astripat
Level 1
Level 1
In response to stephen.baugh

‎05-05-2010 12:46 PM

Hi Stephen

,

By default "service resetoutbound" is enabled for all interfaces on the firewall. This command is used to enable resets for denied TCP connections. You can disbale this by entering the following command in the config mode:

no service resetoutbound

More information can be found here:

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s1_72.html#wp1290652

HTH

Ashu

Go to solution
stephen.baugh
Level 1
Level 1
In response to astripat

‎05-05-2010 12:57 PM

Many thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card