Cisco Support Community
messages 106015,302014 on ASA

Hi to all,

I am worried about the many 106015 and 302014 messages that appeared today on my ASA.

To fix the 302014 messages I created a service-policy to change the connection idle timeout to 8:00:00 for TCP 1521 (sqlnet), which is a connection to the Oracle database server (192.168.201.2). Tomorrow I'll see if this works or not. What do you think?

About the 106015 messages, I don't know why they are shown in the log; I read the Cisco message explanation. My doubt is: is it normal that this message appears on the ASA? I don't have routing problems. Why could this message appear? Is there another explanation?

Apr 11 10:52:17 frodo.mavesa.com.ec Apr 11 2012 10:46:29 130.130.130.132 : %ASA-6-106015: Deny TCP (no connection) from 192.168.201.2/1521 to 192.168.30.37/1175 flags ACK  on interface dmz

Apr 11 11:07:42 frodo Apr 11 2012 11:01:54 192.168.200.132 : %ASA-6-302014: Teardown TCP connection 34104167 for sucursales:192.168.5.40/2652 to dmz:192.168.201.2/1521 duration 1:27:51 bytes 387256 Connection timeout

IP address 192.168.30.37 is an inside IP address, connected to a VLAN on my core. My core switch is connected to the inside interface on the ASA, and I do the routing through static routes.

Today I changed that PC to another VLAN and configured the 192.168.30.37 address; before that it was on the same segment as the 192.168.201.2 server.

I also get the 302014 message for the 192.168.30.37 IP.

This is my configuration regarding timeouts:

timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 8:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00

and the policy:

policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect pptp
 class csc-class
  csc fail-open
 class tcp_oracle
  set connection timeout half-closed 0:25:00 idle 8:00:00
 class class-default
  user-statistics accounting

Suggestions?

Best regards,

Juan Pablo
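Added example, not part of the original post: a small Python script that reads ASA syslog lines in the two formats quoted above and pairs each 106015 deny with the most recent earlier 302014 teardown of the same two endpoints. Message 106015 is logged when a TCP packet arrives for a flow that is not in the ASA connection table, so a deny that follows a "Connection timeout" teardown of the same flow points at the idle timeout. The sample lines, hostname and connection id are constructed for the example.

```python
import re
from datetime import datetime

# Constructed sample lines in the format of the two log lines in the post
# (hostname, device address, times and connection id are made up).
SAMPLE = """\
Apr 11 11:07:42 fw Apr 11 2012 11:01:54 10.0.0.1 : %ASA-6-302014: Teardown TCP connection 1001 for inside:192.168.30.37/1175 to dmz:192.168.201.2/1521 duration 1:00:00 bytes 4096 Connection timeout
Apr 11 11:20:10 fw Apr 11 2012 11:14:22 10.0.0.1 : %ASA-6-106015: Deny TCP (no connection) from 192.168.201.2/1521 to 192.168.30.37/1175 flags ACK  on interface dmz
Apr 11 11:21:00 fw Apr 11 2012 11:15:12 10.0.0.1 : %ASA-6-106015: Deny TCP (no connection) from 192.168.201.2/1521 to 192.168.5.40/2652 flags ACK  on interface dmz
"""

TS = r"(?P<ts>\w{3} +\d+ \d{4} \d\d:\d\d:\d\d) \S+ : "  # the ASA's own timestamp
TEARDOWN = re.compile(
    TS + r"%ASA-6-302014: Teardown TCP connection (?P<id>\d+) for \S+?:(?P<a>[\d.]+/\d+)"
    r" to \S+?:(?P<b>[\d.]+/\d+) duration \S+ bytes \d+ (?P<reason>.+)$")
DENY = re.compile(
    TS + r"%ASA-6-106015: Deny TCP \(no connection\) from (?P<a>[\d.]+/\d+)"
    r" to (?P<b>[\d.]+/\d+) flags (?P<flags>.+?) +on interface (?P<ifc>\S+)")

def parse_ts(s):
    return datetime.strptime(s, "%b %d %Y %H:%M:%S")

def correlate(text):
    """Pair each 106015 deny with the latest earlier 302014 teardown of the same flow."""
    last_teardown = {}  # frozenset of both endpoints -> (time, conn id, reason)
    results = []
    for line in text.splitlines():
        m = TEARDOWN.search(line)
        if m:  # remember the teardown, direction-independent
            last_teardown[frozenset((m["a"], m["b"]))] = (
                parse_ts(m["ts"]), m["id"], m["reason"].strip())
            continue
        m = DENY.search(line)
        if not m:
            continue
        prior = last_teardown.get(frozenset((m["a"], m["b"])))
        gap = int((parse_ts(m["ts"]) - prior[0]).total_seconds()) if prior else None
        results.append({
            "flow": f'{m["a"]} -> {m["b"]}', "flags": m["flags"], "interface": m["ifc"],
            "conn_id": prior[1] if prior else None,
            "reason": prior[2] if prior else None,
            "seconds_after_teardown": gap,
        })
    return results

if __name__ == "__main__":
    for row in correlate(SAMPLE):
        print(row)
```

A deny with no matching teardown in the parsed window, like the third sample line, needs a longer log range or a different explanation.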
