06-24-2009 11:08 AM - edited 02-21-2020 03:32 AM
Hi all!
We have an ASA 5550, that for some connections there is no record of Teardown.
Logs of connections without Teardown:
3 - 2009/06/24 00:18:24.235 BRT 10.x.x.x %ASA-6-302013: Built inbound TCP connection 88873324 for outside:172.x.x.x/22852 (192.168.x.x/22852) to intf3:172.23.x.x/6090 (10.12.x.x/6090)
4 - 2009/06/24 00:18:57.734 BRT 10.x.x.x %ASA-6-302013: Built inbound TCP connection 88873415 for outside:172.x.x.x/22881 (192.168.x.x/22881) to intf3:172.23.x.x/6090 (10.12.x.x/6090)
5 - 2009/06/24 00:19:43.514 BRT 10.x.x.x %ASA-6-302013: Built inbound TCP connection 88873611 for outside:172.x.x.x/22881 (192.168.x.x/22881) to intf3:172.23.x.x/6090 (10.12.x.x/6090)
6 - 2009/06/24 00:20:17.012 BRT 10.x.x.x %ASA-6-302013: Built inbound TCP connection 88873735 for outside:172.x.x.x/22909 (192.168.x.x/22909) to intf3:172.23.x.x/6090 (10.12.x.x/6090)
7 - 2009/06/24 00:21:02.807 BRT 10.x.x.x %ASA-6-302013: Built inbound TCP connection 88873897 for outside:172.x.x.x/22909 (192.168.x.x/22909) to intf3:172.23.x.x/6090 (10.12.x.x/6090)
8 - 2009/06/24 00:21:36.290 BRT 10.x.x.x %ASA-6-302013: Built inbound TCP connection 88874125 for outside:172.x.x.x/22937 (192.168.x.x/22937) to intf3:172.23.x.x/6090 (10.12.x.x/6090)
Logs of connections with Teardown:
1 - 2009/06/23 23:24:09.468 BRT 10.x.x.x %ASA-6-302013: Built outbound TCP connection 88858554 for outside:192.168.x.x/80 (192.168.x.x/80) to inside:10.58.x.x/1915 (192.168.x.x/47736)
2 - 2009/06/23 23:24:34.435 BRT 10.x.xx %ASA-6-302014: Teardown TCP connection 88858554 for outside:192.168.x.x/80 to inside:10.58.x.x/1915 duration 0:00:24 bytes 107762 TCP FINs
Logging configuration:
ASA-EXT-07# sh run a
ASA-EXT-07# sh run all log
ASA-EXT-07# sh run all logging
logging enable
logging buffer-size 4096
logging asdm-buffer-size 100
logging monitor debugging
logging buffered debugging
logging trap debugging
logging host intf3 10.254.254.28
logging flash-minimum-free 3076
logging flash-maximum-allocation 1024
logging rate-limit 1 10 message 620002
logging rate-limit 1 10 message 717015
logging rate-limit 1 10 message 717018
logging rate-limit 1 10 message 201013
logging rate-limit 1 10 message 201012
logging rate-limit 1 10 message 405002
logging rate-limit 1 10 message 421007
logging rate-limit 1 10 message 405001
logging rate-limit 1 10 message 421001
logging rate-limit 1 10 message 421002
logging rate-limit 1 10 message 710002
logging rate-limit 1 10 message 209003
logging rate-limit 1 10 message 209004
logging rate-limit 1 10 message 209005
logging rate-limit 1 10 message 431002
logging rate-limit 1 10 message 431001
logging rate-limit 1 10 message 110001
logging rate-limit 1 10 message 450001
Appreciate any help!
06-30-2009 12:23 PM
%ASA-6-302013: Built {inbound|outbound} TCP connection_id for
interface:real-address/real-port (mapped-address/mapped-port) to
interface:real-address/real-port (mapped-address/mapped-port) [(user)]
Explanation A TCP connection slot between two hosts was created.
â¢connection_id -A unique identifier
â¢interface, real-address, real-port-The actual sockets
â¢mapped-address, mapped-port-The mapped sockets
â¢user-The AAA name of the user
If inbound is specified, the original control connection was initiated from the outside. For example, for FTP, all data transfer channels are inbound if the original control channel is inbound. If outbound is specified, the original control connection was initiated from the inside.
Recommended Action None required.
%ASA-6-302014: Teardown TCP connection id for
interface:real-address/real-port to interface:real-address/real-port duration
hh:mm:ss bytes bytes [reason] [(user)]
Explanation A TCP connection between two hosts was deleted. The following list describes the message values:
â¢id -A unique identifier
â¢interface, real-address, real-port-The actual socket
â¢duration-The lifetime of the connection
â¢bytes-The data transfer of the connection
â¢user-The AAA name of the user
â¢reason-The action that causes the connection to terminate.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide