Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

%ASA-6-106015: Deny TCP (no connection) from inside-ip to inside-ip flags RST on interface inside

I have an ASA5510 8.02 that is the second gateway in the network, it is in a separated vlan and contains a pc that has the firewall A as gateway.

The pc wants to reach a host in the rest of the network behind an other router (I can ping it) but when connecting I keep on getting %ASA-6-106015.

So the packet goes trough gateway a and is than send back inside to the next inside hop and the host, which respons to ping, the packet tracer says it works.

What am I missing?

1 REPLY
New Member

Re: %ASA-6-106015: Deny TCP (no connection) from inside-ip to in

I have seen this message a couple of times when the the internal router has a route directly to the host (bypassing the firewall). Therefore, the host sends traffic through the firewall, through the router and to the destination, the return traffic then hits the router but is forwarded directly to the host. Could this be the case with your network?, it may be worth capturing packets on the ASA interface to see if the return packets are hitting the ASA.

2985
Views
5
Helpful
1
Replies
CreatePlease login to create content