Hi all. One of my regional sites is replicating SQL traffic to our main SQL server located in headquarters. However, we receive many failed replication errors. On checking the firewall log I noticed the following, which shows that my regional SQL server fails to connect to my main SQL server. There is denied traffic after the original connection was torn down. How do I solve this? Thanks in advance.
2008-11-06 18:17:57 Local4.Info 192.168.1.252 Nov 06 2008 03:29:35: %ASA-6-302014: Teardown TCP connection 25242900 for outside:sqlsvr/2411 to inside:mainsqlsvr/1433 duration 0:51:01 bytes 1042132 TCP Reset-I
2008-11-06 18:17:57 Local4.Info 192.168.1.252 Nov 06 2008 03:29:36: %ASA-6-106015: Deny TCP (no connection) from sqlsvr/2411 to mainsqlsvr/1433 flags ACK on interface outside
Error Message - %PIX|ASA-6-302014: Teardown TCP connection id for interface:real-address/real-port to interface:real-address/real-port duration hh:mm:ss bytes bytes [reason] [(user)]
Explanation - A TCP connection between two hosts was deleted. The following list describes the message values:
• connection id is a unique identifier.
• interface, real-address, real-port identify the actual sockets.
• duration is the lifetime of the connection.
• bytes bytes is the data transfer of the connection.
• user is the AAA name of the user.
The reason variable presents the action that causes the connection to terminate.
Error Message - %PIX|ASA-6-106015: Deny TCP (no connection) from IP_address/port to IP_address/port flags tcp_flags on interface interface_name.
Explanation - The security appliance discarded a TCP packet that has no associated connection in the security appliance connection table. The security appliance looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is not an existing connection, the security appliance discards the packet.
Recommended Action - None required unless the security appliance receives a large volume of these invalid TCP packets. If this is the case, trace the packets to the source and determine the reason these packets were sent.
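Added example, not part of the original posts or of Cisco's documentation: a small Python correlator that pairs each 106015 deny with an earlier 302014 teardown of the same flow, so you can tell late packets for a connection the firewall has just removed apart from denies that have no teardown behind them. The 30-second window, the function names and the third sample line (host "otherhost") are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta

# Lines 1-2 are the log lines quoted in the post; line 3 is constructed
# (hypothetical host "otherhost") to show a deny with no preceding teardown.
SAMPLE = """\
2008-11-06 18:17:57 Local4.Info 192.168.1.252 Nov 06 2008 03:29:35: %ASA-6-302014: Teardown TCP connection 25242900 for outside:sqlsvr/2411 to inside:mainsqlsvr/1433 duration 0:51:01 bytes 1042132 TCP Reset-I
2008-11-06 18:17:57 Local4.Info 192.168.1.252 Nov 06 2008 03:29:36: %ASA-6-106015: Deny TCP (no connection) from sqlsvr/2411 to mainsqlsvr/1433 flags ACK on interface outside
2008-11-06 18:20:02 Local4.Info 192.168.1.252 Nov 06 2008 03:31:40: %ASA-6-106015: Deny TCP (no connection) from otherhost/3050 to mainsqlsvr/1433 flags PSH ACK on interface outside
"""

TS = r"(?P<ts>[A-Z][a-z]{2} \d{2} \d{4} \d{2}:\d{2}:\d{2}): %(?:PIX|ASA)-6-"
EP = r"(?P<{0}>\S+)/(?P<{0}port>\d+)"   # address/port pair
TEARDOWN = re.compile(TS + r"302014: Teardown TCP connection (?P<id>\d+) for [^:\s]+:"
                      + EP.format("src") + r" to [^:\s]+:" + EP.format("dst")
                      + r" duration \S+ bytes \d+\s*(?P<reason>.*)")
DENY = re.compile(TS + r"106015: Deny TCP \(no connection\) from " + EP.format("src")
                  + " to " + EP.format("dst") + r" flags (?P<flags>.+?) on interface \S+")

def _ts(m):
    return datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")

def _flow(m):
    # Direction-independent key: a late packet may come from either end.
    return frozenset({(m["src"], m["srcport"]), (m["dst"], m["dstport"])})

def correlate(text, window=timedelta(seconds=30)):
    """Label each 106015 deny as a straggler of a recent teardown, or not."""
    closed, out = {}, []          # closed: flow -> (teardown time, reason)
    for line in text.splitlines():
        if m := TEARDOWN.search(line):
            closed[_flow(m)] = (_ts(m), m["reason"].strip())
        elif m := DENY.search(line):
            torn = closed.get(_flow(m))
            gap = (_ts(m) - torn[0]) if torn else None
            out.append({
                "flow": f'{m["src"]}/{m["srcport"]} -> {m["dst"]}/{m["dstport"]}',
                "flags": m["flags"],
                "straggler": gap is not None and timedelta(0) <= gap <= window,
                "gap_s": gap.total_seconds() if gap is not None else None,
                "teardown_reason": torn[1] if torn else None,
            })
    return out

if __name__ == "__main__":
    for row in correlate(SAMPLE):
        print(row)
```

Denies flagged as stragglers are a consequence of the teardown, so the teardown reason is the thing to investigate; the deny message itself only records that a non-SYN packet arrived with no entry in the connection table.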