ASA 5550 - there is no record in the log for Teardown

jrmalmeida
Level 1

Hi all!

We have an ASA 5550 where, for some connections, there is no record of Teardown.

Logs of connections without Teardown:

3 - 2009/06/24 00:18:24.235 BRT 10.x.x.x %ASA-6-302013: Built inbound TCP connection 88873324 for outside:172.x.x.x/22852 (192.168.x.x/22852) to intf3:172.23.x.x/6090 (10.12.x.x/6090)

4 - 2009/06/24 00:18:57.734 BRT 10.x.x.x %ASA-6-302013: Built inbound TCP connection 88873415 for outside:172.x.x.x/22881 (192.168.x.x/22881) to intf3:172.23.x.x/6090 (10.12.x.x/6090)

5 - 2009/06/24 00:19:43.514 BRT 10.x.x.x %ASA-6-302013: Built inbound TCP connection 88873611 for outside:172.x.x.x/22881 (192.168.x.x/22881) to intf3:172.23.x.x/6090 (10.12.x.x/6090)

6 - 2009/06/24 00:20:17.012 BRT 10.x.x.x %ASA-6-302013: Built inbound TCP connection 88873735 for outside:172.x.x.x/22909 (192.168.x.x/22909) to intf3:172.23.x.x/6090 (10.12.x.x/6090)

7 - 2009/06/24 00:21:02.807 BRT 10.x.x.x %ASA-6-302013: Built inbound TCP connection 88873897 for outside:172.x.x.x/22909 (192.168.x.x/22909) to intf3:172.23.x.x/6090 (10.12.x.x/6090)

8 - 2009/06/24 00:21:36.290 BRT 10.x.x.x %ASA-6-302013: Built inbound TCP connection 88874125 for outside:172.x.x.x/22937 (192.168.x.x/22937) to intf3:172.23.x.x/6090 (10.12.x.x/6090)

Logs of connections with Teardown:

1 - 2009/06/23 23:24:09.468 BRT 10.x.x.x %ASA-6-302013: Built outbound TCP connection 88858554 for outside:192.168.x.x/80 (192.168.x.x/80) to inside:10.58.x.x/1915 (192.168.x.x/47736)

2 - 2009/06/23 23:24:34.435 BRT 10.x.xx %ASA-6-302014: Teardown TCP connection 88858554 for outside:192.168.x.x/80 to inside:10.58.x.x/1915 duration 0:00:24 bytes 107762 TCP FINs

Logging configuration:

ASA-EXT-07# sh run a

ASA-EXT-07# sh run all log

ASA-EXT-07# sh run all logging

logging enable

logging buffer-size 4096

logging asdm-buffer-size 100

logging monitor debugging

logging buffered debugging

logging trap debugging

logging host intf3 10.254.254.28

logging flash-minimum-free 3076

logging flash-maximum-allocation 1024

logging rate-limit 1 10 message 620002

logging rate-limit 1 10 message 717015

logging rate-limit 1 10 message 717018

logging rate-limit 1 10 message 201013

logging rate-limit 1 10 message 201012

logging rate-limit 1 10 message 405002

logging rate-limit 1 10 message 421007

logging rate-limit 1 10 message 405001

logging rate-limit 1 10 message 421001

logging rate-limit 1 10 message 421002

logging rate-limit 1 10 message 710002

logging rate-limit 1 10 message 209003

logging rate-limit 1 10 message 209004

logging rate-limit 1 10 message 209005

logging rate-limit 1 10 message 431002

logging rate-limit 1 10 message 431001

logging rate-limit 1 10 message 110001

logging rate-limit 1 10 message 450001

Appreciate any help!

1 Reply

htarra
Level 4

%ASA-6-302013: Built {inbound|outbound} TCP connection_id for interface:real-address/real-port (mapped-address/mapped-port) to interface:real-address/real-port (mapped-address/mapped-port) [(user)]

Explanation: A TCP connection slot between two hosts was created.

• connection_id - A unique identifier

• interface, real-address, real-port - The actual sockets

• mapped-address, mapped-port - The mapped sockets

• user - The AAA name of the user

If inbound is specified, the original control connection was initiated from the outside. For example, for FTP, all data transfer channels are inbound if the original control channel is inbound. If outbound is specified, the original control connection was initiated from the inside.

Recommended Action: None required.

%ASA-6-302014: Teardown TCP connection id for interface:real-address/real-port to interface:real-address/real-port duration hh:mm:ss bytes bytes [reason] [(user)]

Explanation: A TCP connection between two hosts was deleted. The following list describes the message values:

• id - A unique identifier

• interface, real-address, real-port - The actual socket

• duration - The lifetime of the connection

• bytes - The data transfer of the connection

• user - The AAA name of the user

• reason - The action that causes the connection to terminate.
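
Added example, not part of either post above and not Cisco code: a Python script that pairs 302013 Built records with 302014 Teardown records by connection ID, using the message layouts quoted in the reply, and lists the connections that have no Teardown in a syslog capture. The function name pair_connections, the sample log lines, their addresses and their connection IDs are constructed for illustration.

```python
import re

# Regexes follow the 302013/302014 layouts quoted in the reply above.
BUILT = re.compile(
    r"%ASA-6-302013: Built (?P<dir>inbound|outbound) TCP connection (?P<id>\d+) "
    r"for (?P<src>\S+) \(\S+\) to (?P<dst>\S+) \(\S+\)")
TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (?P<id>\d+) for \S+ to \S+ "
    r"duration (?P<duration>\d+:\d\d:\d\d) bytes (?P<bytes>\d+)(?: (?P<reason>.+))?")

def pair_connections(lines):
    """Pair Built/Teardown records by connection ID.

    Returns (closed, still_open, orphans):
      closed     - Built fields merged with the matching Teardown fields
      still_open - Built records with no Teardown anywhere in the capture
      orphans    - Teardown IDs whose Built line is outside the capture
    """
    open_conns, closed, orphans = {}, [], []
    for line in lines:
        if m := BUILT.search(line):
            open_conns[m["id"]] = m.groupdict()
        elif m := TEARDOWN.search(line):
            built = open_conns.pop(m["id"], None)
            if built is None:
                orphans.append(m["id"])
            else:
                closed.append({**built, **m.groupdict()})
    return closed, list(open_conns.values()), orphans

# Constructed sample capture (documentation addresses, made-up connection IDs).
SAMPLE = [
    "2009/06/24 00:18:24 BRT fw %ASA-6-302013: Built inbound TCP connection 1001 for outside:198.51.100.7/22852 (198.51.100.7/22852) to intf3:192.0.2.10/6090 (192.0.2.10/6090)",
    "2009/06/24 00:18:30 BRT fw %ASA-6-302013: Built outbound TCP connection 1002 for outside:203.0.113.5/80 (203.0.113.5/80) to inside:192.0.2.20/1915 (198.51.100.1/47736)",
    "2009/06/24 00:18:54 BRT fw %ASA-6-302014: Teardown TCP connection 1002 for outside:203.0.113.5/80 to inside:192.0.2.20/1915 duration 0:00:24 bytes 107762 TCP FINs",
    "2009/06/24 00:19:02 BRT fw %ASA-6-302014: Teardown TCP connection 999 for outside:198.51.100.9/443 to inside:192.0.2.21/2001 duration 0:05:00 bytes 5120 TCP FINs",
]

if __name__ == "__main__":
    closed, still_open, orphans = pair_connections(SAMPLE)
    for c in still_open:
        print(f"no Teardown: id={c['id']} {c['dir']} {c['src']} -> {c['dst']}")
    for c in closed:
        print(f"closed: id={c['id']} duration={c['duration']} reason={c['reason']}")
    print("Teardown without Built:", orphans)
```

A connection that is still open when the capture ends also appears in the still_open list, so compare the capture end time against the Built timestamp before treating an entry as a missing log record.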
