Hello,

I have WiFi device (host 10.6.16.21) which needs to connect to remote server (172.25.20.26 on TCP port 3613)  over L2L VPN tunnel. I see that the device is attempting connection, but it is being reset:

%ASA-6-302014: Teardown TCP connection 21757966 for outside:172.26.20.25/3613 to inside:10.6.16.21/49164 duration 0:00:05 bytes 72 TCP Reset-I

I'm trying to find out what device is sending the reset packet and so I used packet capture on inside int:

capture in-cap interface inside match tcp host 10.6.16.21 host 172.26.20.25 eq 3613

Could you help me to understand why the session is being reset...below's the result of the packet capture:

sh capture in-cap

619 packets captured

   1: 14:22:19.201008 172.26.20.25.3613 > 10.6.16.21.49276: P 3368582700:3368582748(48) ack 2542480154 win 65523

   2: 14:22:21.960933 10.6.16.21.49277 > 172.26.20.25.3613: S 2543090958:2543090958(0) win 10000 <mss 1460,nop,wscale 0>

   3: 14:22:21.988321 172.26.20.25.3613 > 10.6.16.21.49277: S 1222713806:1222713806(0) ack 2543090959 win 16384 <mss 1380,nop,wscale 0>

   4: 14:22:21.996149 10.6.16.21.49277 > 172.26.20.25.3613: . ack 1222713807 win 10000

   5: 14:22:22.023344 172.26.20.25.3613 > 10.6.16.21.49276: F 3368582748:3368582748(0) ack 2542480154 win 65523

   6: 14:22:22.027769 172.26.20.25.3613 > 10.6.16.21.49277: P 1222713807:1222713819(12) ack 2543090959 win 65535

   7: 14:22:22.029798 10.6.16.21.49276 > 172.26.20.25.3613: R 2542480154:2542480154(0) ack 3368582749 win 0

   8: 14:22:22.032758 10.6.16.21.49277 > 172.26.20.25.3613: . ack 1222713819 win 9988

   9: 14:22:22.034620 10.6.16.21.49277 > 172.26.20.25.3613: P 2543090959:2543090971(12) ack 1222713819 win 10000

  10: 14:22:22.059719 172.26.20.25.3613 > 10.6.16.21.49277: P 1222713819:1222713867(48) ack 2543090959 win 65535

  11: 14:22:22.063335 10.6.16.21.49277 > 172.26.20.25.3613: . ack 1222713867 win 9952

  12: 14:22:22.216663 172.26.20.25.3613 > 10.6.16.21.49277: . ack 2543090971 win 65523

  13: 14:22:27.727684 10.6.16.21.49278 > 172.26.20.25.3613: S 2544029455:2544029455(0) win 10000 <mss 1460,nop,wscale 0>

  14: 14:22:27.755072 172.26.20.25.3613 > 10.6.16.21.49278: S 1364660650:1364660650(0) ack 2544029456 win 16384 <mss 1380,nop,wscale 0>

  15: 14:22:27.758459 10.6.16.21.49278 > 172.26.20.25.3613: . ack 1364660651 win 10000

  16: 14:22:27.786580 172.26.20.25.3613 > 10.6.16.21.49277: F 1222713867:1222713867(0) ack 2543090971 win 65523

  17: 14:22:27.791737 10.6.16.21.49277 > 172.26.20.25.3613: R 2543090971:2543090971(0) ack 1222713868 win 0

  18: 14:22:27.792897 172.26.20.25.3613 > 10.6.16.21.49278: P 1364660651:1364660663(12) ack 2544029456 win 65535

  19: 14:22:27.796833 10.6.16.21.49278 > 172.26.20.25.3613: . ack 1364660663 win 9988

  20: 14:22:27.800053 10.6.16.21.49278 > 172.26.20.25.3613: P 2544029456:2544029468(12) ack 1364660663 win 10000

  21: 14:22:27.823733 172.26.20.25.3613 > 10.6.16.21.49278: P 1364660663:1364660711(48) ack 2544029456 win 65535

  22: 14:22:27.827746 10.6.16.21.49278 > 172.26.20.25.3613: . ack 1364660711 win 9952

<--- More --->

  23: 14:22:27.950085 172.26.20.25.3613 > 10.6.16.21.49278: . ack 2544029468 win 65523

  24: 14:22:42.815204 172.26.20.25.3613 > 10.6.16.21.49278: P 1364660711:1364660715(4) ack 2544029468 win 65523

  25: 14:22:44.757224 172.26.20.25.3613 > 10.6.16.21.49278: P 1364660711:1364660715(4) ack 2544029468 win 65523

  26: 14:22:48.771322 172.26.20.25.3613 > 10.6.16.21.49278: P 1364660711:1364660715(4) ack 2544029468 win 65523

  27: 14:22:56.717797 172.26.20.25.3613 > 10.6.16.21.49278: P 1364660711:1364660715(4) ack 2544029468 win 65523

  28: 14:22:56.776235 10.6.16.21.49278 > 172.26.20.25.3613: R 2544029468:2544029468(0) ack 1364660716 win 0

  29: 14:22:56.776266 172.26.20.25.3613 > 10.6.16.21.49278: P ack 2544029468 win 65523

  30: 14:22:56.789784 10.6.16.21.49278 > 172.26.20.25.3613: R 2544029468:2544029468(0) ack 1364660716 win 0

  31: 14:22:56.789815 172.26.20.25.3613 > 10.6.16.21.49278: P ack 2544029468 win 65523

  32: 14:22:56.853517 10.6.16.21.49278 > 172.26.20.25.3613: R 2544029468:2544029468(0) ack 1364660716 win 0

  33: 14:22:56.853547 172.26.20.25.3613 > 10.6.16.21.49278: P ack 2544029468 win 65523

  34: 14:22:56.904341 10.6.16.21.49278 > 172.26.20.25.3613: R 2544029468:2544029468(0) ack 1364660716 win 0

  35: 14:22:56.904372 172.26.20.25.3613 > 10.6.16.21.49278: P ack 2544029468 win 65523

  36: 14:22:56.907439 10.6.16.21.49278 > 172.26.20.25.3613: R 2544029468:2544029468(0) ack 1364660716 win 0

  37: 14:22:56.907469 172.26.20.25.3613 > 10.6.16.21.49278: P ack 2544029468 win 65523

Thank you,

forman