Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Deny TCP (no connection)

I've remote branch connected to sentral branch via IPSEC.

10.20.5.9-mail server in central branch

10.20.58.15-user's PC in remote branch

Users in remote branch are trying to connect MS Exchange server via https and sometimes they can not do it. From log i can see next messages-

302014: Teardown TCP connection 11679 for outside:10.20.5.9/443 to inside:10.20.58.15/2173 duration 0:00:21 bytes 10227 TCP Reset-I

302014: Teardown TCP connection 11680 for outside:10.20.5.9/443 to inside:10.20.58.15/2174 duration 0:00:19 bytes 24783 TCP Reset-I

302014: Teardown TCP connection 11683 for outside:10.20.5.9/443 to inside:10.20.58.15/2177 duration 0:00:15 bytes 8841 TCP Reset-I

302014: Teardown TCP connection 11684 for outside:10.20.5.9/443 to inside:10.20.58.15/2178 duration 0:00:15 bytes 16162 TCP Reset-I

106015: Deny TCP (no connection) from 10.20.5.9/443 to 10.20.58.15/2174 flags PSH ACK on interface outside

106015: Deny TCP (no connection) from 10.20.5.9/443 to 10.20.58.15/2174 flags FIN ACK on interface outside

106015: Deny TCP (no connection) from 10.20.5.9/443 to 10.20.58.15/2178 flags PSH ACK on interface outside

106015: Deny TCP (no connection) from 10.20.5.9/443 to 10.20.58.15/2178 flags FIN ACK on interface outside

106015: Deny TCP (no connection) from 10.20.5.9/443 to 10.20.58.15/2178 flags FIN PSH ACK on interface outside

What does it mean and how to fix it?

2 REPLIES
Silver

Re: Deny TCP (no connection)

This Teardowns message will occur, when a lower security interface attempts to send traffic to a higher security interface.

Try this link:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_system_message_guide_chapter09186a008051a0cd.html#wp1052198

New Member

Re: Deny TCP (no connection)

Hi,

here are some questions:

1. Where is the server - on the outside DMZ?

2. What is the timeout for TCP connections in this Firewall?

Regards

1683
Views
0
Helpful
2
Replies
CreatePlease login to create content