I'm having a problem with my ASA dropping TCP connections. I have a Websense box going to an ASA, then out to a Nokia/Checkpoint FW, and then to the outside. When I try pinging the outside, it works fine. However, as soon as I try any TCP traffic, the ASA blocks it. I checked the Checkpoint logs and everything is allowed to go through, but once it hits the ASA, it drops. I have all my interfaces set to allow all on the ASA, so I really can't see why it's doing this...
I attached a log file from my Websense box trying to access the internet. Anyone's help appreciated!
6 Oct 24 2007 11:18:42 106015 WEBSENSE 126.96.36.199 Deny TCP (no connection) from WEBSENSE/1118 to 188.8.131.52/80 flags RST on interface DMZ
as described in the syslog-reference for ASAs it looks like asymetric routing!?
Error Message %PIX|ASA-6-106015: Deny TCP (no connection) from IP_address/port to
IP_address/port flags tcp_flags on interface interface_name.
Explanation The security appliance discarded a TCP packet that has no associated connection in the security appliance connection table. The security appliance looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is not an existing connection, the security appliance discards the packet.
Recommended Action None required unless the security appliance receives a large volume of these invalid TCP packets. If this is the case, trace the packets to the source and determine the reason these packets were sent.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...