New Member

TCP reset by appliance

Hi Everyone,

I am trying an https connection between the server and the ASA.

%ASA-6-302014: Teardown TCP connection 977425972 for inside :192.168.50.220/52438 to identity:192.168.51.1/443 duration 0:00:00 bytes 0 TCP Reset by appliance

%ASA-6-302013: Built inbound TCP connection 977425972 for inside :192.168.50.220/52438 (192.168.50.220/52438) to identity:192.168.51.1/443 (192.168.51.1/443).

These are logs from the ASA,

where 192.168.50.220 is the server IP

192.168.51.1 is the ASA IP

Need to know if the issue is at the ASA or the server side?

Regards

MAhesh

8 REPLIES
Super Bronze

TCP reset by appliance

Hi,

At least the message tells us that the ASA resets the TCP connection.

Have you seen any other logs in addition to these?

Some sources suggest that there is a mismatch between the encryption the client's browser and the ASA support.

Here is a document about ASDM troubleshooting

https://supportforums.cisco.com/docs/DOC-15016

You can use the command

show run all ssl

to view what is configured on the ASA side.

- Jouni
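
The two syslog messages quoted in the question can be triaged mechanically. The following is an added example, not part of the original posts: it parses `%ASA-6-302013`/`%ASA-6-302014` lines and flags sessions that the ASA reset while it was itself the destination (interface `identity`) and no bytes were exchanged. The function names and labels are hypothetical, the third log line is constructed for contrast, and only IPv4 endpoints are handled.

```python
import re

# Constructed sample: the first two lines are the messages quoted in the thread
# (connection 977425972); the third is a made-up normal session for contrast.
SAMPLE_LOG = """\
%ASA-6-302014: Teardown TCP connection 977425972 for inside :192.168.50.220/52438 to identity:192.168.51.1/443 duration 0:00:00 bytes 0 TCP Reset by appliance
%ASA-6-302013: Built inbound TCP connection 977425972 for inside :192.168.50.220/52438 (192.168.50.220/52438) to identity:192.168.51.1/443 (192.168.51.1/443).
%ASA-6-302014: Teardown TCP connection 977425980 for inside:192.168.50.10/40112 to outside:203.0.113.7/443 duration 0:00:12 bytes 5321 TCP FINs
"""

def _ep(prefix):
    # interface:ip/port; tolerates the stray space seen in the pasted logs (IPv4 only)
    return rf"(?P<{prefix}_if>\S+?)\s*:(?P<{prefix}_ip>[\d.]+)/(?P<{prefix}_port>\d+)"

BUILT = re.compile(r"%ASA-6-302013: Built (?P<dir>inbound|outbound) TCP connection (?P<id>\d+) ")
TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (?P<id>\d+) for "
    + _ep("src") + " to " + _ep("dst")
    + r" duration (?P<dur>\d+:\d\d:\d\d) bytes (?P<bytes>\d+) (?P<reason>.+)$"
)

def parse_teardowns(text):
    """Return one dict per 302014 line, with direction taken from the matching 302013."""
    direction, records = {}, []
    for line in text.splitlines():
        if (b := BUILT.search(line)):
            direction[b["id"]] = b["dir"]
        elif (t := TEARDOWN.search(line)):
            rec = t.groupdict()
            rec["bytes"] = int(rec["bytes"])
            rec["reason"] = rec["reason"].strip()
            records.append(rec)
    for rec in records:  # attach direction afterwards, so line order does not matter
        rec["direction"] = direction.get(rec["id"])
    return records

def triage(rec):
    """Label a teardown record for to-the-box troubleshooting."""
    if not rec["reason"].startswith("TCP Reset by appliance"):
        return "not-reset-by-asa"
    if rec["dst_if"] == "identity" and rec["bytes"] == 0:
        # The ASA itself was the destination and closed the session before any payload.
        return "asa-reset-to-the-box-no-data"
    return "asa-reset-other"

if __name__ == "__main__":
    for r in parse_teardowns(SAMPLE_LOG):
        print(r["id"], r["src_ip"], "->", r["dst_if"], r["dst_ip"], r["dur"], triage(r))
```
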

New Member

TCP reset by appliance

Hi Jouni,

These are the only logs which I see again and again when I try the https connection.

It's between the Cisco CSM server and the ASA.

The other thing is that the https connection works fine between the PC and the server, which goes via the same ASA.

Regards

Mahesh

New Member

Re: TCP reset by appliance

Hi Jouni,

sh run all ssl shows

ssl server-version any

ssl client-version any

ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1

Thanks

MAhesh

Super Bronze

TCP reset by appliance

Hi,

I have never used CSM so I don't know much about how it works with the ASA.

I would imagine that there is perhaps some configuration related problem between the CSM and the ASA.

Are you getting any error messages on the CSM to hint what the problem might be?

Have you allowed the CSM source address with the command

http

I think that is required at least.

- Jouni

New Member

TCP reset by appliance

Hi Jouni,

How CSM works is that we add the ASA into CSM, so then CSM tries to connect to the ASA via https.

I have already configured http server ip mask int on the ASA.

These are the messages I get on CSM when I try to add the ASA via https

I get error https

Connectivity  Test Failed. Time Elapsed: 127 seconds. Unable to Communicate With  Device No response to connection attempt to this device Please verify  the following and then retry this operation. (1) The device "IP  address", Communication Protocol Mode and Port are correct.

(2) There is network connectivity between the CS Manager server and the device.

(3)  The device is configured to accept http/https connections. To Discover  IPS policies from IOS or IPS devices the http/https connections should  be enabled otherwise IPS policy discovery should be disabled.

(4) The device is running.

Regards

MAhesh

New Member

TCP reset by appliance

Hi Jouni,

Will a packet capture help to identify why the ASA is resetting the connection?

Regards

MAhesh

Super Bronze

Re: TCP reset by appliance

Hi,

I would imagine that you might need to debug the HTTP connection and possibly the AAA.

Again I have to say that I have never set up or used CSM so I have no knowledge of it and can only guess.

I would imagine that the CSM uses some username/password to log into the ASA? If so, have you confirmed that there are no typing errors in the username/password?

Naturally you can also capture the traffic on the ASA and on the server and see if that gives any hint of the problem.

- Jouni

New Member

TCP reset by appliance

Hi Jouni,

Issue is fixed. From the CSM server I need to add the IP of the ASA interface where the server connects, but I was actually adding the IP of the ASA hostname.

Best regards

MAhesh
