Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

TCP-sessions disconnects after upgrading ASA to 9.1(2)

Hi,

A couple of months ago I upgraded an ASA 5520 to version 9.1(2). After the upgrade users often experience that RDP-sessions and other TCP-sessions going through the ASA disconnects. Before the upgrade we never experienced problems like this, the problems began the day after the upgrade. So my question is: How can I troubleshoot this problem? Any useful troubleshooting-commands or parameters to check? It seems that the problem occurs at random times and as said for different applications and hosts.

I know that my description is very general, but I have no idea of what triggers the problem.

Best regards,

Thor-Egil

Everyone's tags (4)
9 REPLIES
Community Member

TCP-sessions disconnects after upgrading ASA to 9.1(2)

Hi,

I have a similar problem but RDP via VPN:   https://supportforums.cisco.com/thread/2233901

This might be a  ICMP inspection problem if you have that on try to disable it.

Cheers

Community Member

TCP-sessions disconnects after upgrading ASA to 9.1(2)

Hi and thanks for your answer. I have now disablet the icmp inspection. Could you please describe how icmp inspection may be related to the drop-problems?

Community Member

Re: TCP-sessions disconnects after upgrading ASA to 9.1(2)

Its in CSCui40499

I have not made an real verification of this yet, can't do that until friday afternoon.

So do you see any diffrece?

Cheers

Re: TCP-sessions disconnects after upgrading ASA to 9.1(2)

Hello,

My best recommendation at the moment would be:

  1. Make sure you enable the logging service (with timestamp) on your ASA so we can correlate the problems at the time of the issue.
  2. Do captures at the time of the issue

This will help us with the cause of the issue, remember to focus on one specific connection failling across the ASA and then grab the right outputs about it.

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Community Member

TCP-sessions disconnects after upgrading ASA to 9.1(2)

Hi,

I have now increased the logging level to debugging-level on the logs sent to syslog, I am using Splunk as syslog-server. Could you give some examples of what I should look for in the logs?

BR,

Thor-Egil

TCP-sessions disconnects after upgrading ASA to 9.1(2)

Hello,

As we do not know why the issue is happening you should filter the logs to show all traffic related to the connection with the issue(ofcourse at the time of the issue only)

Let me know if I was clear

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Community Member

Re: TCP-sessions disconnects after upgrading ASA to 9.1(2)

Hi again,

At the same time as we see the problem I see the following in the log:

%ASA-6-302014: Teardown TCP connection 54894121 for outside:128.39.227.88/15308 to
inside:10.100.3.21/15307 duration 28:52:54 bytes 41592000
Flow closed by inspection

It seemms that the ASA closes the connection due to an inspection-rule,
but how can I see which rule is causing this?

The only inspection that should hit the relevant ports is the waas-
inspection, I have tried to disable the inspeciton now.

Re: TCP-sessions disconnects after upgrading ASA to 9.1(2)

Hello,

Okey, can you share the show run policy-map?

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Community Member

Re: TCP-sessions disconnects after upgrading ASA to 9.1(2)

Here is the output from sh run policy-map. My problem is to understand which of the rules closes the connection showed in the log. I also have many other similar entries in the log where connections on different port-numbers are closed by inspection. But the connections using ports 15307/15308 are most critical so I concentrate on these first. Thank you for your help!

Sep 13 02:28:57 hrp-gw.hrp.no Sep 13 2013 02:28:57: %ASA-6-302014: Teardown TCP connection 58183832 for outside:128.39.227.88/15308 to inside:10.100.3.21/15307 duration 14:02:27 bytes 20217600 Flow closed by inspection

policy-map global_policy

class inspection_default

  inspect dns

  inspect ftp

  inspect ctiqbe

  inspect dcerpc

  inspect h323 h225

  inspect http

  inspect ils

  inspect ip-options

  inspect ipsec-pass-thru

  inspect mgcp

  inspect netbios

  inspect pptp

  inspect rsh

  inspect rtsp

  inspect sip

  inspect skinny

  inspect snmp

  inspect sqlnet

  inspect sunrpc

  inspect tftp

  inspect xdmcp

  inspect icmp

  inspect icmp error

class global-class

  ips inline fail-open

!

1087
Views
0
Helpful
9
Replies
CreatePlease to create content