cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
631
Views
0
Helpful
3
Replies

Error on my ASA 5500

mukundpalsikar
Level 1
Level 1

"106001: Inbound TCP connection denied from host(x.x.x.x), to websense flags SYN on interface inside", this is the error i am getting on my ASA 5500, could you please suggest me whats this? and how i solve it?

3 Replies 3

spremkumar
Level 9
Level 9

hi

hope this helps.

1. %PIX-2-106001: Inbound TCP connection denied from IP_address/port to IP_address/port flags tcp_flags on interface interface_name

This is a connection-related message. This message occurs when an attempt to connect to an inside address is denied by your security policy. Possible tcp_flags values correspond to the flags in the TCP header that were present when the connection was denied. For example, a TCP packet arrived for which no connection state exists in the PIX Firewall, and it was dropped. The tcp_flags in this packet are FIN and ACK. The tcp_flags are as follows: - ACK-The acknowledgment number was received. - FIN-Data was sent. - PSH-The receiver passed data to the application. - RST-The connection was reset. - SYN-Sequence numbers were synchronized to start a connection. - URG-The urgent pointer was declared valid.

Recommended Action: None required. Error Message %PIX-2-106002: protocol Connection denied by outbound list acl_ID src inside_address dest outside_address

regds

Hi Prem

I have opend the all ports in ACL, for this host, but its not working, as our main problem is websense is unable to disply the block page message on the system when user try to access the blocked websites that websense should do but ueser getting the "page cannot be displyed message instead". please help me.

check that your routing is symetric. many times this error and others like it are caused by asymetric routing.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco