Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

ASA 5585 Flow Closed by inspection - running 8.4(6)

Hi,

We have a pair of ASA 5585-X in HA, running 8.4(6). Off late there have been a lot of concerns with file transfers getting terminated randomly with the log below:

%ASA-6-302014: Teardown TCP connection 103431437 for outside:x.x.x.x/1025 to inside:y.y.y.y/50022 duration 1:19:34 bytes 395734649 Flow closed by inspection

This is perfectly reproducible and is NOT related to the similar bug: CSCtg17779 as we notice that the session is being killed abruptly, and not a regular FIN/ACK etc.

When we tried from another pair of ASA 5525-X running 9.0 code, we could not reproduce the issue. Has anyone else seen this behaviour before? On the TCP packet captures on my firewall, I clearly see a RST packet form the remote IP to my local IP, however when I saw the captures from the remote FW, there is no packet showing a RST being sent from their IP.

Any thoguhts/suggestions/comments would be appreciated...

Thanks!

Everyone's tags (6)
3 REPLIES

ASA 5585 Flow Closed by inspection - running 8.4(6)

FYI.. I have tried sysopt onn tcpmsss1300 and sysopt conn preserve-vpn-flows per TAC - but still the same state...

New Member

ASA 5585 Flow Closed by inspection - running 8.4(6)

Hi,

did you get any furter with the issue. I saw similar behaviour in pair of  ASA 5550, 8.4(7) few weeks ago . TCP connections were incidentialy dropped with Teardown "Flow closed by inspection" message. It were not just wrong logging issue. The real traffic was affected.

Once I downgraded to an earlier release it disapeared. The 8.4(7) have been running with on other ASA boxes (5510, 5520)

with no problem.

Any clue appritiated.

Thanks

ASA 5585 Flow Closed by inspection - running 8.4(6)

Looks like this is the Bug with the problem:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCuj54806

We have removed "inspect icmp" from the Service Policy for the issue to be resolved temporarily.

Thanks.

3364
Views
0
Helpful
3
Replies
CreatePlease login to create content