05-19-2009 07:13 AM - edited 03-11-2019 08:33 AM
While in ASDM via the management interface, I get ASA log entries every 30 seconds with 'deny TCP (no connection) from *** to ***/443 flags FIN ACK on interface management'. Operation of ASDM is not impacted, but I'd like to correct this if possible.
05-19-2009 07:41 AM
I have exactly the same problem, and would love to know a fix too.
05-22-2009 10:16 AM
Opened a TAC case. I'll make sure the results get posted.
05-22-2009 12:15 PM
I did a recreate in my lab. I saw the exact same behaviour.
What we all are seeing appears to be normal behavior.
When you load up ASDM, there is one main connection to the ASA interface on port 443 via which the GUI is populated. The other possible connection could be the logging connection via which ASDM gets logs from the ASA.
Apart from this, if there is any command which you need to execute from ASDM, or when you navigate through ASDM windows/frames, most of them would cause ASDM to send a command to the ASA and use the output to populate the fields on the GUI. These commands are *not* sent on the same connection via which the GUI is visible, but via a new separate connection. As soon as the ASA gets the output, the connection is closed and the FIN+ACK is denied because the connection no longer exists.
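For log triage, the pattern described in the reply above can be separated from other "no connection" denies that deserve a look. This is an added example, not part of the thread or Cisco code; the `ASDM_HOSTS` list, the addresses, the source-port field and the sample lines are constructed assumptions.

```python
import re
from collections import Counter

# Assumption: workstations known to run ASDM (constructed address).
ASDM_HOSTS = {"192.0.2.10"}

# Constructed lines in the form quoted in the thread; the source port after
# the first address is an assumption about the full message layout.
SAMPLE_LOG = """\
Deny TCP (no connection) from 192.0.2.10/51001 to 192.0.2.1/443 flags FIN ACK on interface management
Deny TCP (no connection) from 192.0.2.10/51014 to 192.0.2.1/443 flags FIN ACK on interface management
Deny TCP (no connection) from 198.51.100.7/40222 to 192.0.2.1/443 flags ACK on interface management
Deny TCP (no connection) from 192.0.2.10/51020 to 192.0.2.1/22 flags RST on interface management
an unrelated line that the parser must skip
"""

DENY_RE = re.compile(
    r"deny tcp \(no connection\) from (?P<src>[\d.]+)(?:/(?P<sport>\d+))? "
    r"to (?P<dst>[\d.]+)/(?P<dport>\d+) flags (?P<flags>[A-Z ]+?)\s+"
    r"on interface (?P<ifc>\S+)",
    re.IGNORECASE,
)

def classify(event):
    """'asdm-teardown' for a late FIN ACK to /443 on management from a known ASDM host."""
    expected = (
        event["ifc"] == "management"
        and event["dport"] == "443"
        and event["flags"] == "FIN ACK"
        and event["src"] in ASDM_HOSTS
    )
    return "asdm-teardown" if expected else "review"

def triage(log_text):
    """Count verdicts and collect the deny events that do not fit the ASDM pattern."""
    counts, review = Counter(), []
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue  # not a "no connection" deny
        event = m.groupdict()
        verdict = classify(event)
        counts[verdict] += 1
        if verdict == "review":
            review.append(event)
    return counts, review

if __name__ == "__main__":
    counts, review = triage(SAMPLE_LOG)
    print(dict(counts))
    for e in review:
        print("review:", e["src"], "->", f'{e["dst"]}/{e["dport"]}', e["flags"])
```
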
05-22-2009 12:19 PM
That is exactly my point and I would view this as a deficiency. The ASA should be able to properly terminate connections, especially from / to itself.
Let me know if you agree or disagree with the assessment.
Also, I opened a dialog on NetPro on this topic. Would you be willing to post your response there too? At least one other person was seeking a resolution for this issue.
Thanks,
Mike Palmer
Bremer Financial.