If I read that right, then the source and destination of that packet are both on the inside of the ASA. Is it possible that the ASA is seeing only half of the 2-way conversation? A stateful firewall will never like that. For that reason it would be best to use the internal router as default gateway for all devices on the ASA's subnet, rather than use the ASA itself.
You can "bounce" traffic off the ASA if you have "same-security-traffic permit intra-interface" but the ASA must see the full connection. This can be awkward to achieve.
Sometimes 106015 messages happen just because the ASA has torn down the connection before one of the hosts has, so this could refer to a connection which is finished as far as the ASA is concerned.
So, set the gateway of 10.113.66.10 to be the router not the ASA.
The source/destination are on the correct interfaces with the correct security levels - 0 and 100, the only weirdness is the 192.x.x.x and 10.x.x.x - the 192.x.x.x is a BT router on and ADSL circuit, it is doing the NAT for the external ASA interface to a routable address.
I agree with you, the ASA is tearing down the session because it is not seeing the full SYN/ACK - RST sequence and assuming something is amiss. Works fine if there is a single subnet behind the ASA, but not multiple nets.
I will try again using the 3750 on the LAN as the gateway for the ASA, which gives me another unique problem I will not bore you with.....
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...