%ASA-6-106015: Deny TCP (no connection) from inside-ip to inside-ip flags RST on interface inside

cisco_H
Level 1

I have an ASA5510 8.02 that is the second gateway in the network; it is in a separate VLAN and contains a PC that has firewall A as its gateway.

The PC wants to reach a host in the rest of the network behind another router (I can ping it), but when connecting I keep getting %ASA-6-106015.

So the packet goes through gateway A and is then sent back inside to the next inside hop and the host, which responds to ping; the packet tracer says it works.

What am I missing?

1 Reply

KBCISCO
Level 1

I have seen this message a couple of times when the internal router has a route directly to the host (bypassing the firewall). Therefore, the host sends traffic through the firewall, through the router and to the destination; the return traffic then hits the router but is forwarded directly to the host. Could this be the case with your network? It may be worth capturing packets on the ASA interface to see if the return packets are hitting the ASA.
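
A way to triage the log before setting up the capture suggested above, added here as an example (not code from the thread): it groups %ASA-6-106015 denials by source, destination and interface, so host pairs that are denied repeatedly across several ports, the pattern asymmetric routing produces, stand out from one-off stale connections. The log lines are constructed samples, and the `min_hits` threshold and the `summarize` helper are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines (not taken from the thread).
SAMPLE_LOG = """\
%ASA-6-106015: Deny TCP (no connection) from 10.1.20.15/49152 to 10.1.30.8/445 flags RST on interface inside
%ASA-6-106015: Deny TCP (no connection) from 10.1.20.15/49152 to 10.1.30.8/445 flags ACK on interface inside
%ASA-6-106015: Deny TCP (no connection) from 10.1.20.15/49153 to 10.1.30.8/445 flags RST on interface inside
%ASA-6-106015: Deny TCP (no connection) from 192.0.2.44/443 to 10.1.20.15/50211 flags FIN ACK on interface outside
%ASA-5-111008: User 'admin' executed the 'show logging' command.
"""

# Layout assumed: "from IP/port to IP/port flags <tcp flags> on interface <name>".
DENY_RE = re.compile(
    r"%ASA-6-106015: Deny TCP \(no connection\) from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"flags (?P<flags>[A-Z ]+?) on interface (?P<ifc>\S+)"
)


def summarize(log_text, min_hits=2):
    """Group 106015 denials by (src, dst, interface); keep groups with >= min_hits."""
    hits = defaultdict(lambda: {"count": 0, "flags": Counter(), "ports": set()})
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue  # other message IDs are ignored
        entry = hits[(m["src"], m["dst"], m["ifc"])]
        entry["count"] += 1
        entry["flags"][m["flags"]] += 1
        entry["ports"].add((int(m["sport"]), int(m["dport"])))
    # A single denial is usually a late packet for a closed connection;
    # repeated denials for one host pair point at a routing problem.
    return {k: v for k, v in hits.items() if v["count"] >= min_hits}


if __name__ == "__main__":
    for (src, dst, ifc), e in summarize(SAMPLE_LOG).items():
        print(f"{src} -> {dst} on {ifc}: {e['count']} denials, "
              f"{len(e['ports'])} port pairs, flags {dict(e['flags'])}")
```

Host pairs that this reports are the ones to put in the capture filter on the ASA interface.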
