flags sxaA

sayast001
Level 1

Hi All,

I am getting the below logs in one of my ASAs when trying to access one destination IP. I have a site-to-site VPN established from this firewall and have 193.244.75.128/25 added in the VPN tunnel encryption. However, I am blocking 193.244.75.200/32 through the tunnel and sending it over the plain internet. This firewall is behind a perimeter firewall. Usually NATing will be happening in the perimeter firewall. Since I was not able to access this IP from the desktops which are behind this ODC firewall, I have placed NAT statements in the ODC firewall and am getting the below logs in the ODC firewall.

Xlate:

    TCP PAT from inside:10.222.6.14/54436 to outside:203.99.192.210/54436 flags ri idle 0:00:15 timeout 0:00:30

    TCP outside  193.244.75.200:443 inside  10.222.6.14:54436, idle 0:00:12, bytes 0, flags sxaA

Thanks

Soumya
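As an added example (not part of the original post, and not Cisco tooling), here is a small Python decoder for the two lines above. It parses a `show xlate` PAT entry and a `show conn` entry, expands the flag letters using the legend the ASA prints with those commands (only the subset decoded here is transcribed), and classifies the TCP conn from its flags: `U` means the three-way handshake completed through the firewall; `s` (awaiting outside SYN) and `A` (awaiting outside ACK to SYN) with `bytes 0` mean the inside SYN was forwarded but no SYN/ACK ever came back. The sample lines are the two from the post plus one constructed established connection (`203.0.113.10`, flags `UIO`) for comparison.

```python
import re
from dataclasses import dataclass

# Flag legend as printed by the ASA "show conn" command (subset; only the
# letters this decoder needs are transcribed from the legend).
CONN_FLAGS = {
    "A": "awaiting outside ACK to SYN",
    "a": "awaiting inside ACK to SYN",
    "B": "initial SYN from outside",
    "b": "TCP state-bypass or nailed",
    "D": "DNS",
    "F": "outside FIN",
    "f": "inside FIN",
    "I": "inbound data",
    "O": "outbound data",
    "R": "outside acknowledged FIN",
    "r": "inside acknowledged FIN",
    "S": "awaiting inside SYN",
    "s": "awaiting outside SYN",
    "U": "up",
    "x": "per session",
}

# Flag legend as printed by "show xlate" (subset).
XLATE_FLAGS = {
    "D": "DNS",
    "I": "identity",
    "i": "dynamic",
    "N": "net-to-net",
    "r": "portmap",
    "s": "static",
    "T": "twice",
}

# "TCP outside 1.2.3.4:443 inside 10.0.0.1:54436, idle 0:00:12, bytes 0, flags sxaA"
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+(?P<out_if>\S+)\s+(?P<out_ip>[\d.]+):(?P<out_port>\d+)"
    r"\s+(?P<in_if>\S+)\s+(?P<in_ip>[\d.]+):(?P<in_port>\d+),"
    r"\s+idle\s+(?P<idle>[\d:]+),\s+bytes\s+(?P<bytes>\d+),\s+flags\s+(?P<flags>\S+)"
)

# "TCP PAT from inside:10.0.0.1/54436 to outside:203.0.113.1/54436 flags ri idle ... timeout ..."
XLATE_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+(?P<kind>PAT|NAT)\s+from\s+(?P<real_if>[^:\s]+):(?P<real_ip>[\d.]+)/(?P<real_port>\d+)"
    r"\s+to\s+(?P<map_if>[^:\s]+):(?P<map_ip>[\d.]+)/(?P<map_port>\d+)\s+flags\s+(?P<flags>\S+)"
)

# Sample input: the two lines from the post above.
SAMPLE_XLATE = "TCP PAT from inside:10.222.6.14/54436 to outside:203.99.192.210/54436 flags ri idle 0:00:15 timeout 0:00:30"
SAMPLE_CONN = "TCP outside  193.244.75.200:443 inside  10.222.6.14:54436, idle 0:00:12, bytes 0, flags sxaA"
# Constructed comparison line (not from the post): a healthy, established HTTPS session.
SAMPLE_CONN_UP = "TCP outside 203.0.113.10:443 inside 10.222.6.14:54500, idle 0:00:01, bytes 5412, flags UIO"


@dataclass
class Conn:
    proto: str
    out_if: str
    out_ip: str
    out_port: int
    in_if: str
    in_ip: str
    in_port: int
    idle: str
    bytes: int
    flags: str


def parse_conn(line: str) -> Conn:
    """Parse one 'show conn' line into a Conn record."""
    m = CONN_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a show conn line: {line!r}")
    d = m.groupdict()
    return Conn(d["proto"], d["out_if"], d["out_ip"], int(d["out_port"]),
                d["in_if"], d["in_ip"], int(d["in_port"]), d["idle"],
                int(d["bytes"]), d["flags"])


def parse_xlate(line: str) -> dict:
    """Parse one 'show xlate' line into a dict of its fields."""
    m = XLATE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a show xlate line: {line!r}")
    return m.groupdict()


def decode_flags(flags: str, legend: dict) -> list:
    """Expand a flag string such as 'sxaA' letter by letter using a legend."""
    return [legend.get(ch, f"unknown flag {ch!r}") for ch in flags]


def classify(conn: Conn) -> str:
    """State of a TCP conn as seen by the ASA, derived from its flags."""
    f = set(conn.flags)
    if conn.proto != "TCP":
        return "udp"
    if "U" in f:
        # Handshake completed through the firewall; FIN flags mean it is tearing down.
        return "established, closing" if f & {"F", "f", "R", "r"} else "established"
    # No "U": the three-way handshake never completed through the ASA.
    if f & {"s", "A"}:
        return "embryonic: SYN forwarded, no SYN/ACK from outside"
    if f & {"S", "a"}:
        return "embryonic: waiting on inside host"
    return "embryonic: handshake incomplete"


if __name__ == "__main__":
    x = parse_xlate(SAMPLE_XLATE)
    print(f"xlate {x['real_ip']}/{x['real_port']} -> {x['map_ip']}/{x['map_port']}:",
          ", ".join(decode_flags(x["flags"], XLATE_FLAGS)))
    for line in (SAMPLE_CONN, SAMPLE_CONN_UP):
        c = parse_conn(line)
        print(f"conn {c.in_ip}:{c.in_port} -> {c.out_ip}:{c.out_port} bytes={c.bytes} "
              f"flags={c.flags} [{'; '.join(decode_flags(c.flags, CONN_FLAGS))}] => {classify(c)}")
```

Run against the post's lines, the xlate decodes as a dynamic portmap (PAT) translation and the conn as embryonic: the SYN went out through the new PAT address 203.99.192.210, and nothing came back within the idle window. Because a TLS cipher mismatch can only happen after TCP is up (flags would then include `U`), a `sxaA`/`bytes 0` conn points at the return path instead: whether 193.244.75.200 is really being routed around the tunnel, and whether the perimeter firewall routes replies for 203.99.192.210 back to the ODC ASA rather than NATing them a second time.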


Kyler Middleton
Level 1

This is an old thread, but for anyone who stumbles on it like I did, I found an answer for my own presentation of this odd behavior.

We took a Wireshark capture, and the cipher specs were failing to negotiate for tcp/443 (https). This led to the sxaA flags showing up in the conn and then quickly disappearing. Because the negotiation is so fast, it's hard to catch in that table.

Hope it helps!

kyler
