I recently removed a managed firewall device (Linux based proprietary firewall) with a Cisco ASA5505. Now since the installation our Moneris POS terminals (for processing debit/credit card transactions) they continually fail to connect the first time (every time) after a undetermined period of inactivity. Once the first transaction fails the second attempt will work and it continues to work for X number of miinutes. At this stage the only theory I have is that once the NAT translation connection between the POS and the outside is ended the terminal has not reconnect and then it fails the first time again for some reason. There is one interesting thing in the logs:
Mar 20 09:41:14 192.168.1.254 %ASA-6-302013: Built outbound TCP connection 40952 for outside:xxx.xxx.63.80/443 (xxx.xxx.63.80/443) to inside:192.168.1.144/60851 (firstip/16544)
Mar 20 09:41:16 192.168.1.254 %ASA-6-302020: Built ICMP connection for faddr 192.168.1.144/0 gaddr 192.168.1.254/4388 laddr 192.168.1.254/4388
Mar 20 09:41:16 192.168.1.254 %ASA-6-302021: Teardown ICMP connection for faddr 192.168.1.144/0 gaddr 192.168.1.254/4388 laddr 192.168.1.254/4388
Mar 20 09:41:20 192.168.1.254 %ASA-6-302014: Teardown TCP connection 40952 for outside:xxx.xxx.63.80/443 to inside:192.168.1.144/60851 duration 0:00:05 bytes 2886 TCP FINs
Mar 20 09:41:20 192.168.1.254 %ASA-4-106023: Deny tcp src outside:xxx.xxx.63.80/443 dst inside:firstip/16544 by access-group "outside_access_in" [0x0, 0x0]
The tcp connection gets 'torndown' and then appears to be another packet from the other side even after the 'FIN' and the connection being taken down.
Hopefully someone else has experienced something similar and has an idea how to fix this.