Cisco Support Community

understanding ASA logs

Please, can you help me with this log? What is the problem around here?

What is the meaning of this log?

%ASA-6-106015: Deny TCP (no connection) from 20.121.245.140/52284 to 172.46.3.234/443 flags FIN PSH ACK on interface outside

1 REPLY

Re: understanding ASA logs

These are just 'normal' messages seen on any ASA/PIX/FWSM, ignore them.

(I think) they occur because the firewall has already closed the connection (or at least one TCP end-point has) and the other side is still trying to 'finish' the connection. And since it's not in the state table of the firewall, it's denied, hence the (no connection).

From the official docs:

106015

Error Message %PIX|ASA-6-106015: Deny TCP (no connection) from IP_address/port to IP_address/port flags tcp_flags on interface interface_name.

Explanation The security appliance discarded a TCP packet that has no associated connection in the security appliance's connection table. The security appliance looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is not an existing connection, the security appliance discards the packet.

Recommended Action None required unless the security appliance receives a large volume of these invalid TCP packets. If this is the case, trace the packets to the source and determine the reason these packets were sent.

Regards

Farrukh
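
The recommended action quoted above (trace the source only when the volume is large) can be checked from collected syslog. The following Python is an added example, not part of the original thread or of Cisco's documentation: it parses 106015 lines and counts them per source address and interface. The threshold value and every sample line except the first are constructed assumptions.

```python
import re
from collections import Counter

# Follows the 106015 format quoted from the documentation above.
PATTERN = re.compile(
    r"%(?:ASA|PIX)-6-106015: Deny TCP \(no connection\) "
    r"from (?P<src>[^/\s]+)/(?P<sport>\d+) "
    r"to (?P<dst>[^/\s]+)/(?P<dport>\d+) "
    r"flags (?P<flags>.+?) on interface (?P<ifc>\S+)"
)

def parse_106015(line):
    """Return the fields of a 106015 message, or None for any other line."""
    m = PATTERN.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    rec["flags"] = frozenset(rec["flags"].split())
    return rec

def summarize(lines, threshold):
    """Count 106015 denies per (source, interface); keep those >= threshold."""
    counts, flag_mix = Counter(), {}
    for line in lines:
        rec = parse_106015(line)
        if rec is None:
            continue
        key = (rec["src"], rec["ifc"])
        counts[key] += 1
        # Record which flag combinations each source sends.
        flag_mix.setdefault(key, Counter())[" ".join(sorted(rec["flags"]))] += 1
    return {k: {"count": n, "flags": dict(flag_mix[k])}
            for k, n in counts.items() if n >= threshold}

# First line is the one from the question; the rest are constructed samples.
SAMPLE = [
    "%ASA-6-106015: Deny TCP (no connection) from 20.121.245.140/52284 "
    "to 172.46.3.234/443 flags FIN PSH ACK on interface outside",
    "%ASA-6-302014: Teardown TCP connection 1234 for outside:203.0.113.5/52284 "
    "to inside:192.0.2.10/443 duration 0:00:05 bytes 1200 TCP FINs",
] + [
    f"%ASA-6-106015: Deny TCP (no connection) from 203.0.113.7/{40000 + i} "
    "to 192.0.2.10/443 flags ACK on interface outside"
    for i in range(5)
]

if __name__ == "__main__":
    # threshold=3 is an assumed value; the documentation gives no number.
    for (src, ifc), info in summarize(SAMPLE, threshold=3).items():
        print(src, ifc, info)
```
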
