Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

ASA 5510 Message 6-106100 Problems

Recently a system within multiple virtual DMZ's under the same firewall (ASA) are producing a message which I would like some clarification to.

Error 6-106100 is Deny TCP (no connection) from xxx/12502 to xxx/32991 flags FIN ACK on interface xxx

I'm assumming that the SYN and SYN ACK are managing to get through as my error logs don't show this, but the FIN ACK's dont?

Could this be caused by a layer 7 timeout issue (application) or could this be the cause of a timeout issue on the ASA?

I'd like to know how best to troubleshoot this, if anyone can assist?

Thanks,

Natalia

1 REPLY

ASA 5510 Message 6-106100 Problems

Can anyone help? I have a feeling that the application that is trying to complete the TCP handshake is sending the final FIN ACK packet on a different session. I know this happens with H323 ansd you use the fixup command on the ASA.

Would a similar thing be needed for this situation, or is this an application layer issue?

Thanks,

Natalia

320
Views
0
Helpful
1
Replies
CreatePlease to create content