Cisco Support Community
New Member

Too many %ASA-6-106015 error messages on ASA

Hi Gurus,

I am receiving a large amount of the error messages given below on the ASA, so it is not ignorable. I have tried to find it on cisco.com, and it says it can be ignored if not in large amounts:

http://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi?action=search&index=all&locale=en&query=ASA-6-106015&counter=0&paging=5&links=reference&sa=Submit

Hobart-Firewall# sh log | in 106015
Aug 11 2010 15:49:10: %ASA-6-106015: Deny TCP (no connection) from SWHBMCRSM2_hy/38588 to GSP-AUHT-HT01/389 flags RST  on interface hydro
Aug 11 2010 15:49:10: %ASA-6-106015: Deny TCP (no connection) from GSP-AUHT-HT01/389 to SWHBMCRSM2_hy/38594 flags RST  on interface inside
Aug 11 2010 15:49:10: %ASA-6-106015: Deny TCP (no connection) from SWHBMCRSM2_hy/38593 to GSP-AUHT-HT01/389 flags ACK  on interface hydro
Aug 11 2010 15:49:14: %ASA-6-106015: Deny TCP (no connection) from SWHBMCRSM2_hy/38597 to GSP-AUHT-HT01/389 flags ACK  on interface hydro
Aug 11 2010 15:49:14: %ASA-6-106015: Deny TCP (no connection) from GSP-AUHT-HT01/389 to SWHBMCRSM2_hy/38601 flags RST  on interface inside
Aug 11 2010 15:49:14: %ASA-6-106015: Deny TCP (no connection) from GSP-AUHT-HT01/389 to SWHBMCRSM2_hy/38603 flags RST  on interface inside
Aug 11 2010 15:49:14: %ASA-6-106015: Deny TCP (no connection) from SWHBMCRSM2_hy/38604 to GSP-AUHT-HT01/389 flags ACK  on interface hydro
Aug 11 2010 15:49:14: %ASA-6-106015: Deny TCP (no connection) from GSP-AUHT-HT01/389 to SWHBMCRSM2_hy/38608 flags RST  on interface inside
Aug 11 2010 15:49:14: %ASA-6-106015: Deny TCP (no connection) from SWHBMCRSM2_hy/38614 to GSP-AUHT-HT01/389 flags RST ACK  on interface hydro
Aug 11 2010 15:49:14: %ASA-6-106015: Deny TCP (no connection) from SWHBMCRSM2_hy/38613 to GSP-AUHT-HT01/389 flags ACK  on interface hydro
Aug 11 2010 15:49:14: %ASA-6-106015: Deny TCP (no connection) from SWHBMCRSM2_hy/38614 to GSP-AUHT-HT01/389 flags RST  on interface hydro
Aug 11 2010 15:49:14: %ASA-6-106015: Deny TCP (no connection) from GSP-AUHT-HT01/389 to SWHBMCRSM2_hy/38625 flags RST  on interface inside
Aug 11 2010 15:49:14: %ASA-6-106015: Deny TCP (no connection) from SWHBMCRSM2_hy/38621 to GSP-AUHT-HT01/389 flags RST ACK  on interface hydro
Aug 11 2010 15:49:14: %ASA-6-106015: Deny TCP (no connection) from SWHBMCRSM2_hy/38621 to GSP-AUHT-HT01/389 flags RST  on interface hydro
Aug 11 2010 15:49:14: %ASA-6-106015: Deny TCP (no connection) from GSP-AUHT-HT01/389 to SWHBMCRSM2_hy/38642 flags RST  on interface inside
Aug 11 2010 15:49:14: %ASA-6-106015: Deny TCP (no connection) from GSP-AUHT-HT01/389 to SWHBMCRSM2_hy/38644 flags RST  on interface inside
Aug 11 2010 15:49:14: %ASA-6-106015: Deny TCP (no connection) from SWHBMCRSM2_hy/38644 to GSP-AUHT-HT01/389 flags ACK  on interface hydro

Any suggestions on how to find out the reason, and how to troubleshoot it?

Best Regards,

3 REPLIES
Cisco Employee

Re: Too many %ASA-6-106015 error messages on ASA

Most logs are RST ACK packets.

Aug 11 2010 15:49:14: %ASA-6-106015: Deny TCP (no connection) from SWHBMCRSM2_hy/38604 to GSP-AUHT-HT01/389 flags ACK  on interface hydro

I am not sure of the interface security level. I am assuming SWHBMCRSM2_hy is lower level than this GSP-AUHT-HT01. But it talks about interface hydro.  Seems like there is some sort of asymmetry going on.

If the conversation is between two interfaces and all of a sudden one packet for that flow arrives on a different interface, the firewall will say - Sorry I do not have a connection in my table to allow this packet for this flow and log this syslog message.

I'd suggest looking at routing in your network.

-KS

New Member

Re: Too many %ASA-6-106015 error messages on ASA

Hi,

Thanks for the response.

hydro is on a low security interface, and inside is on a high security interface.

There is only a single path between these two servers, so there is no possibility of asymmetric routing. However, the drops are between these two servers on the LDAP (389) port only.

GSP-AUHT-HT01 

SWHBMCRSM2_hy

Any idea what could be the cause of these errors on TCP 389?

Best Regards,
Ahmed Shahzad.

Cisco Employee

Re: Too many %ASA-6-106015 error messages on ASA

In that case I believe that the connection gets torn down for some reason, after which a subsequent packet arrives for that torn-down connection and the firewall denies it, saying there isn't a connection in the table for this flow for it to allow that packet through.

You should look at the entire logs and not just grep for 106015, so you can see when the connection was built, when it was torn down and why, and then this 106015 deny tcp no conn message.

-KS
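
The correlation suggested in the last reply, as an added example that is not part of the original thread: for each 106015 deny it looks up the most recent 302014 Teardown of the same endpoint pair and reports the teardown reason and the delay. The 302013/302014 lines in the sample are constructed (connection id, duration, byte count and reset reason are invented); only the 106015 lines follow the poster's log.

```python
import re
from datetime import datetime

# Constructed sample log, modelled on the ASA message formats for 302013
# (Built), 302014 (Teardown) and 106015 (Deny, no connection). The connection
# id, duration, byte count and teardown reason are invented for illustration.
SAMPLE = """\
Aug 11 2010 15:49:09: %ASA-6-302013: Built inbound TCP connection 9001 for hydro:SWHBMCRSM2_hy/38604 (SWHBMCRSM2_hy/38604) to inside:GSP-AUHT-HT01/389 (GSP-AUHT-HT01/389)
Aug 11 2010 15:49:12: %ASA-6-302014: Teardown TCP connection 9001 for hydro:SWHBMCRSM2_hy/38604 to inside:GSP-AUHT-HT01/389 duration 0:00:03 bytes 512 TCP Reset-I
Aug 11 2010 15:49:14: %ASA-6-106015: Deny TCP (no connection) from SWHBMCRSM2_hy/38604 to GSP-AUHT-HT01/389 flags ACK  on interface hydro
Aug 11 2010 15:49:14: %ASA-6-106015: Deny TCP (no connection) from GSP-AUHT-HT01/389 to SWHBMCRSM2_hy/38608 flags RST  on interface inside
"""

TS = r"(\w{3} +\d+ \d{4} [\d:]{8}): "
TEARDOWN = re.compile(TS + r"%ASA-6-302014: Teardown TCP connection \d+ for "
                      r"\S+?:(\S+) to \S+?:(\S+) duration \S+ bytes \d+ ?(.*)")
DENY = re.compile(TS + r"%ASA-6-106015: Deny TCP \(no connection\) from (\S+) "
                  r"to (\S+) flags (.+?) +on interface (\S+)")

def parse_ts(s):
    return datetime.strptime(s, "%b %d %Y %H:%M:%S")

def correlate(log_text):
    """For each 106015 deny, find the last teardown of the same flow."""
    torn = {}      # frozenset({endpoint_a, endpoint_b}) -> (time, reason)
    findings = []
    for line in log_text.splitlines():
        if m := TEARDOWN.match(line):
            ts, a, b, reason = m.groups()
            torn[frozenset((a, b))] = (parse_ts(ts), reason.strip())
        elif m := DENY.match(line):
            ts, src, dst, flags, ifc = m.groups()
            prev = torn.get(frozenset((src, dst)))
            findings.append({
                "src": src, "dst": dst, "flags": flags, "interface": ifc,
                # None means no teardown in this log: check for a missing
                # 302013 Built line or a path that bypasses the firewall.
                "teardown_reason": prev[1] if prev else None,
                "seconds_after_teardown":
                    (parse_ts(ts) - prev[0]).total_seconds() if prev else None,
            })
    return findings

if __name__ == "__main__":
    for f in correlate(SAMPLE):
        print(f)
```

A deny that follows a teardown by a few seconds points at late packets for a closed flow; a deny with no teardown at all in the captured window is the case to chase through routing or a longer log capture.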
