Cisco Support Community
Community Member

ASA Syslog Event 106001

I'm seeing a lot of events in our ASA logs for 106001 relating to external source TCP (port 80) connections being denied inbound to our PAT address. The sources are all valid web sites which users are accessing. If a source inside connects to a website outside, surely the return traffic will be permitted without needing any extra ACLs?

2 REPLIES
Silver

Re: ASA Syslog Event 106001

This is a connection-related message. This message occurs when an attempt to connect to an inside address is denied by your security policy. Possible tcp_flags values correspond to the flags in the TCP header that were present when the connection was denied. Indeed, that means the conn table removed the connection. These kinds of messages are usually generated due to a bad server kernel implementation.

Community Member

Re: ASA Syslog Event 106001

So the websites generating these messages are at fault rather than anything wrong with our configuration or something malicious?
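To triage the question raised in this thread, the following added example (not part of any post above and not Cisco code) groups 106001 events by the `tcp_flags` field mentioned in the reply. It assumes the documented message layout `Inbound TCP connection denied from IP/port to IP/port flags tcp_flags on interface name`; the sample lines, the function names and the two category labels are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (documentation address ranges), not real logs.
SAMPLE_LOG = """\
%ASA-2-106001: Inbound TCP connection denied from 198.51.100.10/80 to 203.0.113.5/51234 flags FIN ACK on interface outside
%ASA-2-106001: Inbound TCP connection denied from 198.51.100.10/80 to 203.0.113.5/51235 flags RST on interface outside
%ASA-2-106001: Inbound TCP connection denied from 198.51.100.22/443 to 203.0.113.5/40022 flags PSH ACK  on interface outside
%ASA-2-106001: Inbound TCP connection denied from 192.0.2.77/44321 to 203.0.113.5/22 flags SYN  on interface outside
%ASA-6-302014: Teardown TCP connection 1234 for outside:198.51.100.10/80 to inside:10.0.0.8/51234 duration 0:00:30 bytes 5120 TCP FINs
"""

# Matches only 106001; tolerates extra spaces after the flag list.
PATTERN = re.compile(
    r"%ASA-\d-106001: Inbound TCP connection denied from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"flags (?P<flags>[A-Z ]+?) +on interface (?P<ifc>\S+)"
)

def classify(flags):
    """Heuristic (an assumption of this example): SYN without ACK opens a
    new connection, so it is an unsolicited inbound attempt. Any other flag
    set is a packet for a flow that is not in the connection table."""
    seen = set(flags.split())
    if "SYN" in seen and "ACK" not in seen:
        return "new-inbound-attempt"
    return "stray-packet-no-conn"

def summarize(text):
    """Count 106001 events per (category, source IP, source port)."""
    counts = Counter()
    for line in text.splitlines():
        m = PATTERN.search(line)
        if m:
            counts[(classify(m["flags"]), m["src"], int(m["sport"]))] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
```

Denials from source port 80 or 443 that fall in the stray-packet category fit the "conn table removed the connection" explanation given in the reply, while SYN-only denials to service ports are the ones worth reviewing as unsolicited inbound attempts.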
