What happens to TCP packet when it hits explicit deny in ACL
Basic questions before the details: Does an explicit deny on an ASA 5510 7.2(2) send a RST packet back to a SYN scanner? Why does it not just drop the packet? Can I make it do so? Do I understand what I'm doing? :)
Details: Got a client running his own Qualys (sp?) scanner on his network. When he scans well known ports at remote offices which essentially hang off 5510 DMZs he receives an RST from port 25. As far as the Inside int ACL goes there is a specific deny of all smtp traffic not coming from his mail servers. Everything else from his scanner would at least be allowed past the ingress interface of the ASA.
But as mentioned he receives an RST from an smtp probe. Now I don't have access to his Qualys but I do have nmap and I ran the following on a random (might not even exist) host at a remote site:
Re: What happens to TCP packet when it hits explicit deny in ACL
Sorry I didn't mention it originally but I did check the esmtp inspect. Although I don't understand why, it has caused issues before (actually sending emails to @cisco.com ridiculously). As such it was/is turned off.
We have configured the outside and inside interface with official ipv6 addresses, set a default route on outside interface to our router, we also have defined a rule, which also gets hits, to permit tcp from inside interface to any6.
In Syslog I also se...