connection not established

Answered Question
Jun 13th, 2010

While troubleshooting a problem related to communication between two systems with a firewall in between, it was observed that there were no connections seen in the connection table (as usually seen), although regular build-up and teardown connection messages were seen appearing in the log.

The file transfer is not working for some reason. The ASA shows the connection teardown and build-up for this, but nothing appears in the sh conn table.


In such a scenario, does it mean that the destination system isn't responding to the query, and thus, even though the connection is allowed through the ASA (with rules in place), the connection table won't show it unless it is successful?


Please help me understand this and any other way to troubleshoot such problems.


Thanks in advance!

Correct Answer by Federico Coto F... about 7 years 1 month ago

Hi,


If there are no connections showing on the ASA, most likely traffic is not making its way through.

Are you using NAT, do you have ACLs restricting traffic?


Federico.

suthomas1 Sun, 06/13/2010 - 19:15

Thanks, NAT is not involved in this case, and ACLs for the needed traffic already exist.

Federico Coto F... Mon, 06/14/2010 - 11:19

Aren't the connections being denied by the existing ACLs?

That would explain why you see torn-down connections and why there are no connections created in the 'sh conn'.


Federico.

suthomas1 Mon, 06/14/2010 - 21:10

Rules are configured for these connections, and there was no deny sequence seen for this traffic.

I see the following messages when checked:

6|Jun 15 2010 12:05:13|302013: Built inbound TCP connection 12379739847776492194 for FW:10.0.122.8/3397 (10.0.122.8/3397) to WFM:10.51.100.107/443 (10.51.100.107/443)
6|Jun 15 2010 12:05:13|302014: Teardown TCP connection 12379739847776492194 for FW:10.0.122.8/3397 to WFM:10.51.100.107/443 duration 0:00:00 bytes 3715 TCP FINs


TCP FINs are sometimes seen replaced with Reset-0.


Are these kinds of built/teardown connections normal with TCP within such a short timespan?


Thanks for your help!


{EDIT}: So sh conn would only give connections if the rules are configured for the traffic, else it won't show them. Is that correct, just to understand?

edadios Mon, 06/14/2010 - 21:51

Since it is already torn down, you will not see it in connections.


Even if you have allowed the connection flow and it is built, if it is torn down straight away, then it will no longer be in the "show connection" output.


You will need to find out why the fin or reset is happening for that specific flow.


What does the configuration look like?


Have you tried packet tracer?


You are doing HTTPS traffic. Is the traffic directed to the interface IP address of the firewall, and do you also have ASDM or WebVPN configured for that interface?
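
The point edadios makes (a flow that is built and torn down in the same second has already left "show conn") can be checked directly against the 302013/302014 lines suthomas1 quoted. The following Python is an added example, not code from this thread or from Cisco: it pairs build and teardown messages by connection ID, lists flows torn down within a second together with the ASA teardown reason, and lists flows that were built but never torn down, which are the only ones "show conn" would still list. The sample log is constructed: the two lines from the thread plus two made-up lines (one reset teardown, one flow left open); the "<sev>|<timestamp>|<msgid>: <text>" prefix is assumed to be the only line format present.

```python
import re
from typing import Dict, List
# Pairs the ASA 302013 (build) and 302014 (teardown) syslog lines quoted in this
# thread by connection ID. A flow with both lines has already left "show conn";
# only a flow with a build line and no teardown would still be listed there.
LINE_RE = re.compile(r"^(?P<sev>\d)\|(?P<ts>[^|]+)\|(?P<msgid>\d{6}): (?P<text>.*)$")
BUILT_RE = re.compile(
    r"Built (?P<dir>inbound|outbound) TCP connection (?P<cid>\d+) for "
    r"(?P<src>\S+?:[\d.]+/\d+) \([^)]*\) to (?P<dst>\S+?:[\d.]+/\d+)")
TEARDOWN_RE = re.compile(
    r"Teardown TCP connection (?P<cid>\d+) for (?P<src>\S+?:[\d.]+/\d+) to "
    r"(?P<dst>\S+?:[\d.]+/\d+) duration (?P<dur>\d+:\d\d:\d\d) bytes (?P<nbytes>\d+) "
    r"(?P<reason>\S.*?)\s*$")
def duration_seconds(hms: str) -> int:
    """Convert the ASA 'h:mm:ss' duration field to seconds."""
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s
def pair_flows(lines: List[str]) -> Dict[str, dict]:
    """Group build/teardown lines by connection ID; other message IDs are ignored."""
    flows: Dict[str, dict] = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        if m["msgid"] == "302013" and (b := BUILT_RE.search(m["text"])):
            flows.setdefault(b["cid"], {})["built"] = {
                "src": b["src"], "dst": b["dst"], "dir": b["dir"]}
        elif m["msgid"] == "302014" and (t := TEARDOWN_RE.search(m["text"])):
            flows.setdefault(t["cid"], {})["teardown"] = {
                "reason": t["reason"], "bytes": int(t["nbytes"]),
                "seconds": duration_seconds(t["dur"])}
    return flows

def short_lived(flows: Dict[str, dict], max_seconds: int = 1) -> Dict[str, str]:
    """Connection IDs torn down within max_seconds, mapped to the teardown reason."""
    return {cid: f["teardown"]["reason"] for cid, f in flows.items()
            if "teardown" in f and f["teardown"]["seconds"] <= max_seconds}

def still_open(flows: Dict[str, dict]) -> List[str]:
    """Flows with a build line and no teardown: the ones 'show conn' would list."""
    return [cid for cid, f in flows.items() if "built" in f and "teardown" not in f]
# Constructed sample: the two thread lines, a made-up reset teardown, a made-up open flow.
SAMPLE_LOG = [
    "6|Jun 15 2010 12:05:13|302013: Built inbound TCP connection 12379739847776492194 for FW:10.0.122.8/3397 (10.0.122.8/3397) to WFM:10.51.100.107/443 (10.51.100.107/443)",
    "6|Jun 15 2010 12:05:13|302014: Teardown TCP connection 12379739847776492194 for FW:10.0.122.8/3397 to WFM:10.51.100.107/443 duration 0:00:00 bytes 3715 TCP FINs",
    "6|Jun 15 2010 12:05:14|302013: Built inbound TCP connection 12379739847776492195 for FW:10.0.122.8/3398 (10.0.122.8/3398) to WFM:10.51.100.107/443 (10.51.100.107/443)",
    "6|Jun 15 2010 12:05:14|302014: Teardown TCP connection 12379739847776492195 for FW:10.0.122.8/3398 to WFM:10.51.100.107/443 duration 0:00:00 bytes 0 TCP Reset-O",
    "6|Jun 15 2010 12:05:20|302013: Built inbound TCP connection 12379739847776492196 for FW:10.0.122.8/3399 (10.0.122.8/3399) to WFM:10.51.100.107/443 (10.51.100.107/443)",
]
```

Running `short_lived(pair_flows(SAMPLE_LOG))` on the sample shows the thread's flow with reason "TCP FINs" and the constructed one with "TCP Reset-O"; a reason of FINs with bytes transferred points at the server closing normally, whereas a reset with zero bytes points at the server or an intermediate host refusing the flow.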

suthomas1 Mon, 06/21/2010 - 02:10

Thanks for your help, the problem got resolved lately. It was related to some new process on the server which negated the connections.


Thanks again for your valuable inputs!
