Cisco Support Community
Community Member

firewall connection log

Would need advice on the attached logs from a connection, obtained by tcpdump on a firewall. is the global ip of ours which is being NATed on the device. the private ip for this hosts a website, which is inaccessible. is the internet ip used to check if the site is reachable.

Please suggest what these logs indicate.


Cisco Employee

Re: firewall connection log

The capture shows the client ( sending a TCP SYN, followed by sending a TCP RST.

This means that either the NAT is not configured properly, or the access-list is not permitting the inbound traffic, or the traffic goes through but the server is not listening to port 443.

Check the syslogs, check the same capture on the inside interface, check if you can connect to the server (on its private ip address) from a client on the inside.

Community Member

Re: firewall connection log

The logs which are attached in the notepad give me a feeling, when connection is initiated from to on port 443 the server which is is replying with a RST; this could be the server is not listening on port 443.
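The reading of the capture discussed in the two replies above can be automated; this is an added example, not part of the original thread. It parses `tcpdump -n` text output and reports, for each SYN, whether the flow got a SYN-ACK, an RST (and from which side), or no reply. The addresses are constructed documentation-range values, and the function, verdict and hint names are assumptions.

```python
import re

# Matches IPv4 TCP packets in `tcpdump -n` text output.
PKT = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

# Suggested next check per verdict (wording is this example's own; the
# checks for the first two verdicts follow the replies in the thread).
NEXT_CHECK = {
    "no reply": "check NAT and the access-list; look at the syslogs",
    "RST from server side": "capture on the inside interface; test the "
                            "server's private IP and port from an inside client",
    "RST from client side": "compare with the capture on the inside interface",
    "SYN-ACK received": "TCP handshake was answered; look beyond TCP setup",
}

def classify(lines):
    """Return {(client, cport, server, sport): verdict} for each SYN seen."""
    flows = {}
    for line in lines:
        m = PKT.search(line)
        if not m:
            continue  # not an IPv4 TCP line
        src, sport, dst, dport, flags = m.groups()
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == "S":                       # initial SYN or a retransmit
            flows.setdefault(fwd, "no reply")
        elif flags == "S." and rev in flows:   # SYN-ACK coming back
            flows[rev] = "SYN-ACK received"
        elif "R" in flags:                     # RST or RST-ACK
            if flows.get(rev) == "no reply":
                flows[rev] = "RST from server side"
            elif flows.get(fwd) == "no reply":
                flows[fwd] = "RST from client side"
    return flows

# Constructed sample capture (documentation addresses, not from the thread).
SAMPLE = """\
10:00:01.000100 IP 198.51.100.7.51000 > 192.0.2.10.443: Flags [S], seq 100, win 64240, length 0
10:00:01.000400 IP 192.0.2.10.443 > 198.51.100.7.51000: Flags [R.], seq 0, ack 101, win 0, length 0
10:00:02.000100 IP 198.51.100.7.51001 > 192.0.2.10.443: Flags [S], seq 200, win 64240, length 0
10:00:03.000100 IP 198.51.100.7.51001 > 192.0.2.10.443: Flags [S], seq 200, win 64240, length 0
10:00:04.000100 IP 198.51.100.7.51002 > 192.0.2.10.80: Flags [S], seq 300, win 64240, length 0
10:00:04.000300 IP 192.0.2.10.80 > 198.51.100.7.51002: Flags [S.], seq 900, ack 301, win 65535, length 0
10:00:04.000500 IP 198.51.100.7.51002 > 192.0.2.10.80: Flags [.], ack 901, win 64240, length 0
""".splitlines()

if __name__ == "__main__":
    for flow, verdict in classify(SAMPLE).items():
        print("%s:%s -> %s:%s" % flow, "|", verdict, "|", NEXT_CHECK[verdict])
```

Running the same script on captures from both the outside and the inside interface shows whether the SYN crosses the firewall and on which side the RST first appears.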
