Solved

TCP packets passes from Access List but drops due to TCP reset

Posted on 2008-10-14
2
1,367 Views
Last Modified: 2012-05-05
HI Team,

I have a challenging Issue here, We have a source trying to connect to the Server in the inside network.
Source: 10.11.5.173 ( WYSE TERMINAL), Destination : 10.10.10.170

As source has problem in connecting to the server, i ran the Firewall debugs and collected the following debugs, the same source conencts to another server on the same network fine, and that pretty much rules out the issue with the Firewall Blocking the connection over all, But i want to get tehse following debug meesageges deciphered so that i can get an indication whether it is caused by the Server inside the network and not the Firewall.

Syslog ID:                                                               Message
302013       Built inbound TCP connection for Outside:10.11.5.73/2332 (10.11.5.173/2332) to inside:10.10.10.70 /1494 ( 10.10.10.70/1494)

30214        Teardown TCP connection for Outside:10.11.5.73/2332 (10.11.5.173/2332) to inside:10.10.10.70 /1494 ( 10.10.10.70/1494) 0:00:00 bytes 3058 TCP Reset-I

106015     Deny TCP (no connection) from 10.11.5.173/2332 to 10.10.10.70/1494 flags FIN ACK on interface outside

an Urgent help will be greatly appriciated

Thanks Team,    
0
Comment
Question by:tariqmansoor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 8

Accepted Solution

by:
Jay_Gridley earned 500 total points
ID: 22718996
Since I was unfamiliar with this log entry I did some digging and found this link that explains the logs entries quite extensively (credit where credit is due):
http://www.firewall.cx/ftopicp-11301.html

I would say that the problem is, as you expected, not on the firewall, but on the server. It seems to not respond to or deny the request. In the logs you see the(embryonic) connection being terminated.

Hope this helps.

JG

0
 

Author Comment

by:tariqmansoor
ID: 22806961
Thanks Team,

Attached Link was quite Helpful for getting more insight to Firewall Handiling of Packtet and generating related Logs

Regards
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question