cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
49313
Views
5
Helpful
7
Replies

TCP Reset-O, Reset-I, FINS

Alvaro Rugama
Level 1
Level 1

Hi everyone

hope you can help me with this issue. I´m having problems when connecting to a web service on a device. My ASA has 3 active interfaces, one for the headquarter inside network (inside), one for the ISP connection (outside) and one for the remote sites that connects through a MPLS (WAN). I´m trying to stablish a connection to a web service on a printer from my headquarter to a remote office (from inside to WAN); but I´m having random error messages on the ASA´s monitor.

if I try to connect from my laptop I got this messages

bueno---fins.jpg

this is the connection from the inside to the WAN interface.

bueno---stablish-inside.jpg

this one shows the the connection has been stablish. No problems so far.

But when I try to connect from another PC I receive this messages

stablish-inside.jpg

this are the messages from inside to WAN

reset--o.jpg

this image shows that the connection has been reset. So no connection has been stablish between the devices. What does the Reset-O means? but sometimes I do not receive the TCP Reset-O message sometimes we get the TCP Reset-I message.

syn-timout---de-colorqube.jpg

you can see the TCP Rese-I message on the first Row.

Not so sure what is going on. some computer are able to access the web service other don´t. I also do some testing, use my ip address (that works fine) in the other PC, but the problem persist, even with my ip address. Antivirus, Windows firewall, antimalware, all are shutdown.

All computer on the remote office can localy access the service with no problem. however, they have problems accesing some service on the headquarters.

I have ACL in both, the inside and WAN interface that allowes communication between they, using the Packet Tracer tool on the ASDM I can se that the package are allowed in every port number, because I´m allowing all traffic with no exception.

acl-asa.jpg

can anyone help me with this?

Best Regards

Alvaro Rugama Cerda

1 Accepted Solution

Accepted Solutions

Hello Alvaro,

On the outside capture

Starting at packet 24 we can see how the Printer starts the TCP Graceful closure with the FIN packet.Packet 26 shows that the Client agreed the closure of the session and sends the FIN packet to close it.

Having 0 packets on the ASP capture means the ASA is not dropping the connection (ASP capture will show all of the packets being droped by the ASA).

Any other question?

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

7 Replies 7

Julio Carvajal
VIP Alumni
VIP Alumni

Hello Alvaro,

Reset-O means that the Outside host send a reset

Reset-I the inside host did it

I also see a graceful closure of the session via TCP Fins.

My recommendation would be to focus on a single connection while taking captures (Captures dont't lie man)

cap capin interface inside match ip host x.x.x.x (Inside PC) host x.x.x.x (Printer IP)

cap capout interface outside match ip host x.x.x.x (Inside PC on the outside world, check for any NAT) host x.x.x (Printer IP)

cap  asp type asp-drop all circular-buffer.

Then try to connect (Only once) and provide

show cap capin

show cap capout

show cap asp | include x.x.x.x (printer ip add)

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Thank you Julio

Will check this information today. I will update if I find something new.

Best Regards

Alvaro Rugama

this is the log that I get from the machine that can´t connect to the printer.

-------------------------------------------SHOW CAPIN-----------------------------------------------------------------------------------

23 packets captured

   1: 10:44:05.523471 13.133.244.153.8098 > 13.134.236.204.80: S 1331249432:1331249432(0) win 8192

   2: 10:44:05.524829 13.134.236.204.80 > 13.133.244.153.8098: S 845218227:845218227(0) ack 1331249433 win 5840

   3: 10:44:05.525592 13.133.244.153.8098 > 13.134.236.204.80: . ack 845218228 win 256

   4: 10:44:05.579666 13.133.244.153.8098 > 13.134.236.204.80: P 1331249433:1331249781(348) ack 845218228 win 256

   5: 10:44:05.581070 13.134.236.204.80 > 13.133.244.153.8098: . ack 1331249781 win 216

   6: 10:44:05.582519 13.134.236.204.80 > 13.133.244.153.8098: P 845218228:845218697(469) ack 1331249781 win 216

   7: 10:44:05.584472 13.133.244.153.8100 > 13.134.236.204.443: S 1596782860:1596782860(0) win 8192

   8: 10:44:05.584854 13.133.244.153.8101 > 13.134.236.204.443: S 1845707848:1845707848(0) win 8192

   9: 10:44:05.585693 13.134.236.204.443 > 13.133.244.153.8100: S 2624789608:2624789608(0) ack 1596782861 win 5840

  10: 10:44:05.585907 13.134.236.204.443 > 13.133.244.153.8101: S 2149878517:2149878517(0) ack 1845707849 win 5840

  11: 10:44:05.586349 13.133.244.153.8100 > 13.134.236.204.443: . ack 2624789609 win 256

  12: 10:44:05.586410 13.133.244.153.8101 > 13.134.236.204.443: . ack 2149878518 win 256

  13: 10:44:05.586593 13.133.244.153.8100 > 13.134.236.204.443: P 1596782861:1596783051(190) ack 2624789609 win 256

  14: 10:44:05.586685 13.133.244.153.8101 > 13.134.236.204.443: P 1845707849:1845708039(190) ack 2149878518 win 256

  15: 10:44:05.587860 13.134.236.204.443 > 13.133.244.153.8100: . ack 1596783051 win 216

  16: 10:44:05.587890 13.134.236.204.443 > 13.133.244.153.8101: . ack 1845708039 win 216

  17: 10:44:05.738670 13.134.236.204.443 > 13.133.244.153.8101: P 2149879978:2149880670(692) ack 1845708039 win 216

  18: 10:44:05.739448 13.134.236.204.443 > 13.133.244.153.8100: P 2624791069:2624791761(692) ack 1596783051 win 216

  19: 10:44:05.739555 13.134.236.204.443 > 13.133.244.153.8101: . 2149879954:2149879978(24) ack 1845708039 win 216

  20: 10:44:05.740058 13.133.244.153.8101 > 13.134.236.204.443: . ack 2149878518 win 256

  21: 10:44:05.740608 13.133.244.153.8100 > 13.134.236.204.443: . ack 2624789609 win 256

  22: 10:44:05.740653 13.133.244.153.8101 > 13.134.236.204.443: . ack 2149878518 win 256

  23: 10:44:05.779073 13.133.244.153.8098 > 13.134.236.204.80: . ack 845218697 win 254

23 packets shown

-------------------------------------------SHOW CAPWAN-----------------------------------------------------------------------------------

37 packets captured

   1: 10:44:05.523624 13.133.244.153.8098 > 13.134.236.204.80: S 1557652677:1557652677(0) win 8192

   2: 10:44:05.524798 13.134.236.204.80 > 13.133.244.153.8098: S 3637013201:3637013201(0) ack 1557652678 win 5840

   3: 10:44:05.525622 13.133.244.153.8098 > 13.134.236.204.80: . ack 3637013202 win 256

   4: 10:44:05.579697 13.133.244.153.8098 > 13.134.236.204.80: P 1557652678:1557653026(348) ack 3637013202 win 256

   5: 10:44:05.581039 13.134.236.204.80 > 13.133.244.153.8098: . ack 1557653026 win 216

   6: 10:44:05.582489 13.134.236.204.80 > 13.133.244.153.8098: P 3637013202:3637013671(469) ack 1557653026 win 216

   7: 10:44:05.584610 13.133.244.153.8100 > 13.134.236.204.443: S 2026842964:2026842964(0) win 8192

   8: 10:44:05.584976 13.133.244.153.8101 > 13.134.236.204.443: S 3107277390:3107277390(0) win 8192

   9: 10:44:05.585663 13.134.236.204.443 > 13.133.244.153.8100: S 2606863239:2606863239(0) ack 2026842965 win 5840

  10: 10:44:05.585876 13.134.236.204.443 > 13.133.244.153.8101: S 257816110:257816110(0) ack 3107277391 win 5840

  11: 10:44:05.586380 13.133.244.153.8100 > 13.134.236.204.443: . ack 2606863240 win 256

  12: 10:44:05.586425 13.133.244.153.8101 > 13.134.236.204.443: . ack 257816111 win 256

  13: 10:44:05.586609 13.133.244.153.8100 > 13.134.236.204.443: P 2026842965:2026843155(190) ack 2606863240 win 256

  14: 10:44:05.586700 13.133.244.153.8101 > 13.134.236.204.443: P 3107277391:3107277581(190) ack 257816111 win 256

  15: 10:44:05.587829 13.134.236.204.443 > 13.133.244.153.8100: . ack 2026843155 win 216

  16: 10:44:05.587875 13.134.236.204.443 > 13.133.244.153.8101: . ack 3107277581 win 216

  17: 10:44:05.738639 13.134.236.204.443 > 13.133.244.153.8101: P 257817571:257818263(692) ack 3107277581 win 216

  18: 10:44:05.739433 13.134.236.204.443 > 13.133.244.153.8100: P 2606864700:2606865392(692) ack 2026843155 win 216

  19: 10:44:05.739540 13.134.236.204.443 > 13.133.244.153.8101: . 257817547:257817571(24) ack 3107277581 win 216

  20: 10:44:05.740119 13.133.244.153.8101 > 13.134.236.204.443: . ack 257816111 win 256

  21: 10:44:05.740638 13.133.244.153.8100 > 13.134.236.204.443: . ack 2606863240 win 256

  22: 10:44:05.740669 13.133.244.153.8101 > 13.134.236.204.443: . ack 257816111 win 256

  23: 10:44:05.779103 13.133.244.153.8098 > 13.134.236.204.80: . ack 3637013671 win 254

  24: 10:44:15.592376 13.134.236.204.80 > 13.133.244.153.8098: F 3637013671:3637013671(0) ack 1557653026 win 216

  25: 10:44:15.593627 13.133.244.153.8098 > 13.134.236.204.80: . ack 3637013672 win 254

  26: 10:44:25.584930 13.133.244.153.8098 > 13.134.236.204.80: F 1557653026:1557653026(0) ack 3637013672 win 254

  27: 10:44:25.585998 13.134.236.204.80 > 13.133.244.153.8098: . ack 1557653027 win 216

  28: 10:44:35.588821 13.133.244.153.8100 > 13.134.236.204.443: F 2026843155:2026843155(0) ack 2606863240 win 256

  29: 10:44:35.588989 13.133.244.153.8101 > 13.134.236.204.443: F 3107277581:3107277581(0) ack 257816111 win 256

  30: 10:44:35.590164 13.134.236.204.443 > 13.133.244.153.8101: F 257818263:257818263(0) ack 3107277582 win 216

  31: 10:44:35.590713 13.134.236.204.443 > 13.133.244.153.8100: F 2606865392:2606865392(0) ack 2026843156 win 216

  32: 10:44:35.591659 13.133.244.153.8101 > 13.134.236.204.443: . ack 257816111 win 256

  33: 10:44:35.591689 13.133.244.153.8100 > 13.134.236.204.443: . ack 2606863240 win 256

  34: 10:45:20.588317 13.133.244.153.8100 > 13.134.236.204.443: . 2026843155:2026843156(1) ack 2606863240 win 256

  35: 10:45:20.589462 13.134.236.204.443 > 13.133.244.153.8100: . ack 2026843156 win 216

  36: 10:45:20.596969 13.133.244.153.8101 > 13.134.236.204.443: . 3107277581:3107277582(1) ack 257816111 win 256

  37: 10:45:20.597884 13.134.236.204.443 > 13.133.244.153.8101: . ack 3107277582 win 216

37 packets shown

-------------------------------------------SHOW CAPASP-----------------------------------------------------------------------------------

with this command there is no result with the printer's ip

Best Regards

Hello Alvaro,

On the outside capture

Starting at packet 24 we can see how the Printer starts the TCP Graceful closure with the FIN packet.Packet 26 shows that the Client agreed the closure of the session and sends the FIN packet to close it.

Having 0 packets on the ASP capture means the ASA is not dropping the connection (ASP capture will show all of the packets being droped by the ASA).

Any other question?

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Thank you again Julio for your support.

I´m just wondering what could it be droping that connection. Because some computers can access the web, others (on the same network) don´t.

I'm guessing  that some device on the MPLS Provider is droping them. because this example is just with one printer, but in reality those computer connot access all my remote printers, and the printers can not access one service that we are running here.

Thank you very much.

Best Regards.

Alvaro Rugama

Hello Alvaro,

You should start taking captures close to the printer to see if it's really the printer the one that closes it or not.

Hey remember to rate all of the helpful posts, let me know if you do not know how

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Alvaro Rugama
Level 1
Level 1

Just for information about what my problem was.

Apparently the printer that we had in the remote office had the MTU configure in 1300, that's why we couldn´t load the web page.

Thank you for the information that you provide me.

Best Regards

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: