Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

TCP teardown by TCP Reset-O

Hello folks

Can any of you help me interpret what the following log entry means (look at the description field)?

tcp_reset-o.png

Does the O in Reset stand for "outside" og "outgoing" or something else?

To me the the line says that 10.101.85.152 is sending the TCP RST packet. The firewall receives the packet and closes the connection. Am I correct?

Does the firewall notify the other end of the flow that the connection has been forcefully closed?

Now take a look at the image below. If I'm correct, then it appears that the client (10.101.85.152) is trying to use a connection that it had aldready closed the hard way? Or perhaps the underlying OS closed the connection without informing the application or the application ignored the nofitication?

tcp-noconn.png

Am I correct in my assumptions?

Any help is appreciated.

Best regards

Jesper

Everyone's tags (5)
1 REPLY
Cisco Employee

TCP teardown by TCP Reset-O

Reset-O means that the Reset is from the Outside.

Here is the syslog messages for your reference:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/system/message/logmsgs_external_docbase_0900e4b18059d73b_4container_external_docbase_0900e4b180ef4f45.html#wp1280675

The logs means that the firewall already torn down the connection and it receives the ACK afterwards.

24597
Views
0
Helpful
1
Replies
CreatePlease to create content