
ASA 5510 Issue

TM13
Level 1

I am receiving the below message on the Internet firewall and losing connection, mostly on the upload side, like Outlook, Facebook, YouTube ...

6      9:38:45     106015      53142     173.252.112.23     443     Deny TCP (no connection) from 10.*.*.*/53142 to 173.252.112.23/443 flags RST on interface inside

I've tried the "sysopt connection timewait" command and still no success. Any idea?


vishaw jasrotia
Level 1

hey

please paste your running configuration

Thanks

Vishaw

Actually, there are not many configs on it.

Hello Tulgabat,

As you can see, the ASA is receiving a RESET packet from the inside client after the connection has been torn down.

My recommendations: Do captures on both interfaces of the ASA:

cap capin interface inside match tcp host inside_host_ip_address host outside_host_ip_address

cap capout interface outside match tcp host outside_nat_ip_address host outside_host_ip_address

Then attempt to connect and finally provide the following to us

show cap capin

show cap capout

show logging | include x.x.x.x (Inside_host_IP address). Hopefully you have logging enabled.

Check my blog at http:laguiadelnetworking.com for further information.

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

# sh cap capout

   : 14:02:44.673091 202.131.225.97.6153 > 74.117.178.90.80: P 2135110166:2135111132(966) ack 650230300 win 16436

   : 14:02:44.870438 74.117.178.90.80 > 202.131.225.97.6153: . ack 2135111132 win 13

  : 14:02:44.874466 74.117.178.90.80 > 202.131.225.97.6153: P 650230300:650230647(347) ack 2135111132 win 13

  : 14:48:39.055279 202.131.225.97.47817 > 74.117.178.90.80: F 2964315953:2964315953(0) ack 3956491086 win 16560

  : 14:48:39.253648 74.117.178.90.80 > 202.131.225.97.47817: F 3956491086:3956491273(187) ack 2964315954 win 6

  : 14:48:39.254747 202.131.225.97.47817 > 74.117.178.90.80: R 2964315954:2964315954(0) ack 3956491273 win 0

Hello,

Based on this it seems the Internal host is closing the connection:

  28: 14:48:39.055279 202.131.225.197.47817 > 74.117.178.90.80: F 2964315953:2964315953(0) ack 3956491086 win 16560

  29: 14:48:39.253648 74.117.178.90.80 > 202.131.225.197.47817: F 3956491086:3956491273(187) ack 2964315954 win 6

  30: 14:48:39.254747 202.131.225.197.47817 > 74.117.178.90.80: R 2964315954:2964315954(0) ack 3956491273 win 0

TCP FIN packets are being negotiated to close the session, and afterwards the computer sends a reset.

Check my blog at http:laguiadelnetworking.com  and subscribe so you can get daily information about networking.

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
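
The check described in the reply above (a RST arriving after both endpoints have already sent FIN, which the ASA then logs as 106015 "Deny TCP (no connection)") can be run over a whole `show cap` output. This is an added example, not code from anyone in the thread; the function name `rst_after_close` is hypothetical, and the sample lines are the `show cap capout` output posted above.

```python
import re

# Lines from the "show cap capout" output posted in the thread
# (sequence numbers shown without the terminal line wraps).
CAPOUT = """\
   : 14:02:44.673091 202.131.225.97.6153 > 74.117.178.90.80: P 2135110166:2135111132(966) ack 650230300 win 16436
   : 14:02:44.870438 74.117.178.90.80 > 202.131.225.97.6153: . ack 2135111132 win 13
   : 14:02:44.874466 74.117.178.90.80 > 202.131.225.97.6153: P 650230300:650230647(347) ack 2135111132 win 13
   : 14:48:39.055279 202.131.225.97.47817 > 74.117.178.90.80: F 2964315953:2964315953(0) ack 3956491086 win 16560
   : 14:48:39.253648 74.117.178.90.80 > 202.131.225.97.47817: F 3956491086:3956491273(187) ack 2964315954 win 6
   : 14:48:39.254747 202.131.225.97.47817 > 74.117.178.90.80: R 2964315954:2964315954(0) ack 3956491273 win 0
"""

# "<n>: time src.port > dst.port: FLAGS ..." as printed by the capture output above.
LINE = re.compile(
    r"^\s*\d*:\s*(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>\S+)\s+>\s+(?P<dst>\S+):\s+(?P<flags>[SFPRUEW.]+)\s"
)

def rst_after_close(text):
    """Return (timestamp, sender) for every RST seen after both sides sent FIN."""
    fin_seen = {}   # flow (pair of ip.port endpoints) -> endpoints that sent FIN
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip headers, blank lines, anything unparsed
        src, dst, flags = m["src"], m["dst"], m["flags"]
        flow = frozenset((src, dst))
        if "F" in flags:
            fin_seen.setdefault(flow, set()).add(src)
        # Both endpoints have sent FIN, so the firewall has no connection
        # entry left for this flow; a RST now has nothing to match.
        if "R" in flags and fin_seen.get(flow) == set(flow):
            findings.append((m["ts"], src))
    return findings

if __name__ == "__main__":
    for ts, sender in rst_after_close(CAPOUT):
        print(f"{ts} RST from {sender} after FIN from both sides")
```
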