deny tcp (no connection)

Hi,

In the FWSM we have too many "deny tcp (no connection)" logs, and TCP connections disconnect randomly.

Some log events:

Deny TCP (no connection) from 10.4.2.1/80 to 10.5.46.2/1395 flags ACK on interface inside.

1 REPLY

deny tcp (no connection)

Hello Hedhyeh,

This is a routing issue; this is known as a stateful TCP firewall issue.

The problem is that the firewall is receiving an ACK packet on the inside interface for a connection where it has not received a SYN packet, so of course it will drop it!

You have two options:

1- Check why the routing issue is happening; get to the real root of the issue.

2- The easiest way to solve it: configure a TCP state bypass policy to tell the ASA: do not drop a TCP packet if the TCP 3-way handshake is not used.

Hope this helps.

Julio

Do rate all the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
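
A starting point for option 1 in the reply above, as an added example that is not part of the original thread: the script groups the drops by source, destination and interface, so the host pairs for which the firewall sees only one direction stand out. Only the first sample line comes from the post, the rest are constructed, and treating a source port below 1024 as server reply traffic is an assumed heuristic.

```python
import re
from collections import Counter

# Message format as quoted in the question; search() tolerates any syslog prefix.
DENY_RE = re.compile(
    r"Deny TCP \(no connection\) from (?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"flags (?P<flags>[A-Z ]+?)\s+on interface (?P<ifc>\S+?)\.?\s*$"
)

SAMPLE = [
    # First line is from the post; the others are constructed for the example.
    "Deny TCP (no connection) from 10.4.2.1/80 to 10.5.46.2/1395 flags ACK on interface inside.",
    "Deny TCP (no connection) from 10.4.2.1/80 to 10.5.46.2/1395 flags PSH ACK on interface inside.",
    "Deny TCP (no connection) from 10.4.2.1/80 to 10.5.46.2/1402 flags ACK on interface inside.",
    "Deny TCP (no connection) from 10.5.46.9/2250 to 10.4.2.7/443 flags RST on interface outside.",
    "an unrelated log line that must be skipped",
]

def parse(line):
    """Return the fields of one deny message, or None for any other line."""
    m = DENY_RE.search(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["sport"], ev["dport"] = int(ev["sport"]), int(ev["dport"])
    return ev

def summarize(lines):
    """Group drops by (source IP, destination IP, interface)."""
    flows = {}
    for ev in filter(None, map(parse, lines)):
        key = (ev["src"], ev["dst"], ev["ifc"])
        f = flows.setdefault(key, {"total": 0, "replies": 0, "flags": Counter()})
        f["total"] += 1
        f["flags"][ev["flags"]] += 1
        # Assumed heuristic: well-known source port to high destination port
        # looks like the return half of a flow whose SYN the firewall never saw.
        if ev["sport"] < 1024 <= ev["dport"]:
            f["replies"] += 1
    return flows

def report(flows):
    """One text row per flow group, busiest first."""
    rows = []
    for (src, dst, ifc), f in sorted(flows.items(), key=lambda kv: -kv[1]["total"]):
        flags = ", ".join(f"{k} x{v}" for k, v in f["flags"].most_common())
        rows.append(f"{src} -> {dst} on {ifc}: {f['total']} drops "
                    f"({f['replies']} look like server replies) [{flags}]")
    return rows

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE))))
```
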