Please HELP...ASA reset????

Our log has capture this and I have no Idea what this means...PLEASE HELP

TCP Reset-O: This reason is given for closing an inbound flow (from a high-security interface to low-security interface) when a TCP reset is received on the flow.

Can someone please tell me what does this mean???
golowaiAsked:
Who is Participating?
 
MikeKaneConnect With a Mentor Commented:
There's no way to tell what the issue was from the log.   All the log tells me is that the TCP session was torn down because the firewall received a reset packet.   Its the equivalent of hanging up on a phone call.   The "-O" means the reset packet was received on the outside interface.  

It is normal for every buildup to have a teardown.    The cause of the reset could be the remote application, a reset packet from a network device...  there's no way of knowing from this log though.
0
 
MikeKaneCommented:
Its a teardown message for the TCP session.  

Have a look here at this forum post for a good explanation of the message.
http://www.firewall.cx/ftopicp-10387.html

0
 
golowaiAuthor Commented:
Hi MikeKane, that link you provided doesn't work. but from reading on other site this is a normal activity.
0
The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

 
MikeKaneCommented:
Link worked for me... just checked again.    

But this is a normal activity.   Its one of the methods of teardown
0
 
golowaiAuthor Commented:
Here's part of the log but it does show me that it was a hard reset. Is it safe to say that this is a power supply issue? cuz we have already moved the power plug from the power strip to an open wall jack.

1/6/2010 9:50:46 AM      10.66.66.99         <166> Jan 06 09:50:46 10.66.66.99 an 06 2010 10:50:46 single_vf : %ASA-6-302014: Teardown TCP connection 364428 for outside:x.x.x./80 to inside:10.66.66.111/41638 duration 0:09:15 bytes 139105 TCP Reset-O

1/6/2010 9:52:38 AM      10.66.66.99         <166> Jan 06 09:52:38 10.66.66.99 an 06 2010 10:52:30 single_vf : %ASA-6-305011: Built static TCP translation from inside:10.66.66.20/3389 to outside:x.x.x.x/65222


0
 
golowaiAuthor Commented:
"The cause of the reset could be the remote application" can you elaborate on this?

"a reset packet from a network device..."

currently we have the following logging enabled:
logging enable
logging timestamp
logging buffered informational
logging trap informational
logging asdm informational
logging device-id context-name
logging host inside 10.60.60.111
logging permit-hostdown

is this sufficient enough to capture what we need?
0
 
MikeKaneCommented:
Again, the firewall doesn't know anything other that it received a Reset packet.    It won't give you any info on what caused it or why it was sent.   If you are looking for a reason that the packet was sent, then you are looking in the wrong place.  

The Reset packet is a signal to end the session.   The application at the far end may have sent it, a network device in between may be the cause, there's no way of knowing just form looking at the firewall log.
0
 
golowaiAuthor Commented:
Thanks MikeKane...your patients and knowledge are most appreciated! One last question...where else in the firewall should i look? I've been scratching my head for the last month trying to figure this out!
0
 
MikeKaneCommented:
There's nothing in the firewall you need to look at.    The firewall config will not be the cause of the remote device sending the reset packet nor will you find anything in the config that would cause that either. .  
0
 
golowaiAuthor Commented:
understand...i guess i won't know if this is an hardware issue until i replace it with another unit. I'm going to close this since there's nothing more we can do. Thanks MikeKane!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.