Solved

Please HELP...ASA reset????

Posted on 2010-01-06
Last Modified: 2012-05-08
Our log has captured this and I have no idea what this means...PLEASE HELP

TCP Reset-O: This reason is given for closing an inbound flow (from a high-security interface to low-security interface) when a TCP reset is received on the flow.

Can someone please tell me what this means???
Question by:golowai
10 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 26190787
It's a teardown message for the TCP session.

Have a look here at this forum post for a good explanation of the message.
http://www.firewall.cx/ftopicp-10387.html

0
 

Author Comment

by:golowai
ID: 26191495
Hi MikeKane, that link you provided doesn't work, but from reading on other sites this is a normal activity.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 26191683
Link worked for me... just checked again.    

But this is a normal activity.   It's one of the methods of teardown.
0
 

Author Comment

by:golowai
ID: 26191907
Here's part of the log but it does show me that it was a hard reset. Is it safe to say that this is a power supply issue? cuz we have already moved the power plug from the power strip to an open wall jack.

1/6/2010 9:50:46 AM      10.66.66.99         <166> Jan 06 09:50:46 10.66.66.99 an 06 2010 10:50:46 single_vf : %ASA-6-302014: Teardown TCP connection 364428 for outside:x.x.x./80 to inside:10.66.66.111/41638 duration 0:09:15 bytes 139105 TCP Reset-O

1/6/2010 9:52:38 AM      10.66.66.99         <166> Jan 06 09:52:38 10.66.66.99 an 06 2010 10:52:30 single_vf : %ASA-6-305011: Built static TCP translation from inside:10.66.66.20/3389 to outside:x.x.x.x/65222


0
 
LVL 33

Accepted Solution

by:
MikeKane earned 1000 total points
ID: 26192006
There's no way to tell what the issue was from the log.   All the log tells me is that the TCP session was torn down because the firewall received a reset packet.   It's the equivalent of hanging up on a phone call.   The "-O" means the reset packet was received on the outside interface.

It is normal for every buildup to have a teardown.    The cause of the reset could be the remote application, a reset packet from a network device...  there's no way of knowing from this log though.
0
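Added example (not part of the original thread and not any poster's code): a small parser for the %ASA-6-302014 teardown record in the layout shown in the log excerpt above, which tallies the teardown reasons and the outside endpoints associated with Reset-O teardowns. The first sample line is the message portion of the posted log; the others are constructed, and the function names and the `outside` interface name are assumptions.

```python
import re
from collections import Counter

# Layout of the %ASA-6-302014 record as it appears in the thread's log line.
TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (?P<conn>\d+) "
    r"for (?P<if_a>[^:\s]+):(?P<ep_a>[^/\s]+/\d+) "
    r"to (?P<if_b>[^:\s]+):(?P<ep_b>[^/\s]+/\d+) "
    r"duration (?P<h>\d+):(?P<m>\d\d):(?P<s>\d\d) "
    r"bytes (?P<bytes>\d+)(?: (?P<reason>\S.*?))?\s*$"
)

# First line: message portion of the log posted in the thread.
# Remaining teardown lines: constructed samples using documentation addresses.
SAMPLE = [
    "single_vf : %ASA-6-302014: Teardown TCP connection 364428 for outside:x.x.x./80 to inside:10.66.66.111/41638 duration 0:09:15 bytes 139105 TCP Reset-O",
    "single_vf : %ASA-6-302014: Teardown TCP connection 364501 for outside:203.0.113.7/443 to inside:10.66.66.111/41702 duration 0:00:42 bytes 5120 TCP FINs",
    "single_vf : %ASA-6-302014: Teardown TCP connection 364502 for outside:203.0.113.7/443 to inside:10.66.66.111/41703 duration 0:00:03 bytes 0 TCP Reset-O",
    "single_vf : %ASA-6-302014: Teardown TCP connection 364503 for outside:198.51.100.20/80 to inside:10.66.66.111/41800 duration 0:01:10 bytes 2048 TCP Reset-I",
    "single_vf : %ASA-6-305011: Built static TCP translation from inside:10.66.66.20/3389 to outside:x.x.x.x/65222",
]

def parse_teardown(line):
    """Return the fields of a 302014 line, or None for any other message."""
    m = TEARDOWN.search(line)
    if m is None:
        return None
    return {
        "conn": int(m["conn"]),
        "endpoints": {m["if_a"]: m["ep_a"], m["if_b"]: m["ep_b"]},
        "seconds": int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"]),
        "bytes": int(m["bytes"]),
        "reason": m["reason"] or "unspecified",
    }

def summarize(lines, outside_if="outside"):
    """Count teardown reasons, and Reset-O teardowns per outside endpoint."""
    reasons, reset_o_peers = Counter(), Counter()
    for rec in filter(None, map(parse_teardown, lines)):
        reasons[rec["reason"]] += 1
        if rec["reason"] == "TCP Reset-O":
            reset_o_peers[rec["endpoints"].get(outside_if, "unknown")] += 1
    return reasons, reset_o_peers

if __name__ == "__main__":
    reasons, peers = summarize(SAMPLE)
    print(dict(reasons))
    print(peers.most_common())
```

A summary like this only shows how the teardowns are distributed across reasons and endpoints; as the answer above says, the log does not record why a reset was sent.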
 

Author Comment

by:golowai
ID: 26192286
"The cause of the reset could be the remote application" can you elaborate on this?

"a reset packet from a network device..."

currently we have the following logging enabled:
logging enable
logging timestamp
logging buffered informational
logging trap informational
logging asdm informational
logging device-id context-name
logging host inside 10.60.60.111
logging permit-hostdown

is this sufficient enough to capture what we need?
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 26192479
Again, the firewall doesn't know anything other than that it received a Reset packet.    It won't give you any info on what caused it or why it was sent.   If you are looking for a reason that the packet was sent, then you are looking in the wrong place.

The Reset packet is a signal to end the session.   The application at the far end may have sent it, a network device in between may be the cause, there's no way of knowing just from looking at the firewall log.
0
 

Author Comment

by:golowai
ID: 26200494
Thanks MikeKane...your patience and knowledge are most appreciated! One last question...where else in the firewall should I look? I've been scratching my head for the last month trying to figure this out!
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 26200691
There's nothing in the firewall you need to look at.    The firewall config will not be the cause of the remote device sending the reset packet nor will you find anything in the config that would cause that either.
0
 

Author Comment

by:golowai
ID: 26200895
Understand...I guess I won't know if this is a hardware issue until I replace it with another unit. I'm going to close this since there's nothing more we can do. Thanks MikeKane!
0
