denied statements : port tcp 59150 and psh ack

Unanswered Question
Sep 24th, 2010

I am trying to find out why we would receive the following statement every couple of seconds. It does not make sense.


2|Sep 24 2010|09:35:08|106001|visual link IP |25|x.x.x.x|59150|Inbound TCP connection denied from x.x.x.x/25 to x.x.x.x/59150 flags PSH ACK  on interface OUTSIDE


Traffic is allowed on port 25 from that server. What could this error imply?


Any ideas?

praprama Fri, 09/24/2010 - 08:33

Hi,


Here's when that error comes.


http://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi?action=search&locale=en&index=all&query=ASA-2-106001&counter=0&paging=5&links=reference&sa=Submit


It looks like the connection entry from the server on port 25 to the host on port 59150 is being torn down and after that the ASA is getting a TCP packet with flags PSH,ACK set. So, as the ASA does not have a connection entry for this connection, it denies it.


If this is the case, you should see logs saying "Built TCP connection" and "Teardown TCP connection" between these 2 hosts prior to this message in the logs. Let me know if this helps!!


Thanks and Regards,

Prapanch
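
The check suggested in the reply above, as an added example that is not part of the original thread: it replays a log, remembers the last "Built"/"Teardown" event per host/port pair, and labels each "TCP connection denied" line by what preceded it. The sample lines, the timestamp layout and all function names are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Constructed sample syslog lines (documentation-range addresses), not taken from the thread.
SAMPLE_LOG = """\
Sep 24 2010 09:34:30 %ASA-6-302013: Built outbound TCP connection 4101 for OUTSIDE:192.0.2.10/25 (192.0.2.10/25) to INSIDE:198.51.100.5/59150 (198.51.100.5/59150)
Sep 24 2010 09:35:05 %ASA-6-302014: Teardown TCP connection 4101 for OUTSIDE:192.0.2.10/25 to INSIDE:198.51.100.5/59150 duration 0:00:35 bytes 2210 TCP FINs
Sep 24 2010 09:35:08 %ASA-2-106001: Inbound TCP connection denied from 192.0.2.10/25 to 198.51.100.5/59150 flags PSH ACK  on interface OUTSIDE
Sep 24 2010 09:35:20 %ASA-2-106001: Inbound TCP connection denied from 192.0.2.77/25 to 198.51.100.5/40000 flags PSH ACK  on interface OUTSIDE
"""

def ep(n):
    # One endpoint: optional "IFNAME:" prefix, then ip/port captured as ip<n>, port<n>.
    return rf"(?:\S+:)?(?P<ip{n}>[\d.]+)/(?P<port{n}>\d+)"

TS = r"(?P<ts>\w{3} +\d+ \d{4} \d\d:\d\d:\d\d)"  # assumed timestamp layout
CONN = re.compile(TS + r".*?(?P<kind>Built|Teardown) .*?TCP connection \d+ for "
                  + ep("a") + r".*? to " + ep("b"))
DENY = re.compile(TS + r".*?TCP connection denied from " + ep("a") + r" to " + ep("b")
                  + r" flags (?P<flags>[A-Z ]+?) +on interface")

def flow_key(m):
    # Direction-independent key, so the deny matches the earlier connection entry.
    return frozenset({(m["ipa"], m["porta"]), (m["ipb"], m["portb"])})

def parse_ts(s):
    return datetime.strptime(s, "%b %d %Y %H:%M:%S")

def classify_denies(log_text):
    """Return (flow, flags, verdict, seconds_since_teardown) for every deny line."""
    state = {}    # flow key -> (last event kind, timestamp of that event)
    results = []
    for line in log_text.splitlines():
        if m := CONN.search(line):
            state[flow_key(m)] = (m["kind"], parse_ts(m["ts"]))
        elif m := DENY.search(line):
            kind, when = state.get(flow_key(m), (None, None))
            gap = None
            if kind == "Teardown":
                verdict = "late packet after teardown"
                gap = (parse_ts(m["ts"]) - when).total_seconds()
            elif kind == "Built":
                verdict = "deny while connection entry exists"
            else:
                verdict = "no connection entry seen in this log"
            flow = f'{m["ipa"]}/{m["porta"]} -> {m["ipb"]}/{m["portb"]}'
            results.append((flow, m["flags"], verdict, gap))
    return results
```

A deny labelled "late packet after teardown" with a gap of a few seconds fits the explanation given in the reply; the other two labels mean the log being replayed does not support it for that flow.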
