Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA droped package

Hello,

we are running an ASA firewallsystem and getting

Teardown TCP connection 56410XXX for outside:XX.XX.XX.XX/1521 to  inside_demo003:XX.XX.XX.XX/1199 duration 0:00:00 bytes 3334 Flow closed by  inspection

Anyone can tell me, the

"closed by inspection" message

is sent by the ASA for what kind of firewall discrepancy ?

I checked the cisco docs on here, but I just found some shallow info on this.

Maybe there is a larger style error table somewhere that I did not find yet.

It also would be great, if someone could guide me a little bit more in the direction for what valid reasons a packet can be dropped in the above case. (packet inspection) Maybe there is a matrix for it.

Thx in advance

5 REPLIES

Re: ASA droped package

Hi,

This is a TCP connection being closed by the inspection on the ASA.

The ASA by default has a default inspection policy that you can check on your configuration and its applied globally.

sh run class-map

sh run policy-map

sh run service-policy

Is this connection for a particular TCP protocol?

Federico.

Cisco Employee

Re: ASA droped package

TCP port 1521 is protocol sqlnet. Probably sqlnet inspection is closing that connection.

You would need to check the "sh policy-map" as suggested.

If you have sqlnet problem check the ASA version, earlier 8.0 version had a couple of defects with sqlnet inspection.

I hope it helps.

PK

Cisco Employee

Re: ASA droped package

Community Member

Re: ASA droped package

Hello,

how to find the

8.0(4.43)
        ^^^^ number behind a version ?

When I go to the software download page of cisco i just get offered

8.0.4 ED without any of the .43 number shown.

How to find out, what release cisco lets you download under 8.0.4 ED ???

Regards

Cisco Employee

Re: ASA droped package

8.0.4 interim is at asa804-48-k8.bin.

You need to open a TAC case and have the engineer publish the code for you.

-KS

2494
Views
0
Helpful
5
Replies
CreatePlease to create content