ChristopherHaynes
Cisco ASA 5505 - Inbound TCP Connections Denied
Greetings all...
A few days ago, I had a client call with the problem of people not being able to get to the internet, web pages not loading after a while, and random internet drops in general. After pulling up the ASA 5505 logs, I see nothing but these:
"Inbound TCP connection denied from <outside IP>/80 to <client public ip>/4929 flags PSH ACK on interface outside"
You can substitute PSH ACK with FIN ACK, RST, and FIN PSH ACK.
Anyone know what's causing this? These errors come from random IPs on the outside, but all are from source port 80 or 443, and they are nearly non-stop.
Any help here would be greatly appreciated. Thank you!!!
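Before touching the firewall, the denial lines quoted above can be triaged offline. The Python script below is an added example, not code from the question or from Cisco: it parses lines of the form quoted in the question (in ASA syslog these carry the `%ASA-2-106001` prefix, which the regex treats as optional), counts source ports, TCP flag combinations and distinct sources, and applies a simple heuristic. Denials whose source port is 80/443, whose flags are ACK/FIN/RST/PSH rather than a bare SYN, and whose destination is an ephemeral port look like server replies to sessions the ASA no longer tracks; bare-SYN denials to a spread of low ports look like inbound scanning. The sample lines are constructed (RFC 5737 addresses), and the thresholds in `classify()` are an assumption of this example, not a Cisco-documented rule.

```python
import re
from collections import Counter
from typing import Dict, List

# Matches the message text quoted in the question. The %ASA-2-106001 prefix is
# how the ASA syslog emits this message; it is optional here so pasted text
# without it still parses. ASA prints two spaces before "on interface".
DENY_RE = re.compile(
    r"(?:%ASA-\d-106001:\s*)?Inbound TCP connection denied from "
    r"(?P<src_ip>[\d.]+)/(?P<src_port>\d+) to (?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) "
    r"flags (?P<flags>[A-Z ]+?)\s+on interface (?P<iface>\S+)"
)

# Constructed sample in the shape reported in the question: random outside
# sources, source port 80/443, non-SYN flags, high destination ports.
BACKSCATTER_SAMPLE = """\
%ASA-2-106001: Inbound TCP connection denied from 198.51.100.7/80 to 203.0.113.10/4929 flags PSH ACK  on interface outside
%ASA-2-106001: Inbound TCP connection denied from 198.51.100.23/443 to 203.0.113.10/4931 flags FIN ACK  on interface outside
%ASA-2-106001: Inbound TCP connection denied from 192.0.2.88/80 to 203.0.113.10/4940 flags RST  on interface outside
%ASA-2-106001: Inbound TCP connection denied from 192.0.2.15/443 to 203.0.113.10/4952 flags FIN PSH ACK  on interface outside
%ASA-2-106001: Inbound TCP connection denied from 198.51.100.7/80 to 203.0.113.10/4955 flags PSH ACK  on interface outside
"""

# Constructed contrast sample: bare SYNs from one source to low service ports.
SCAN_SAMPLE = """\
%ASA-2-106001: Inbound TCP connection denied from 192.0.2.200/51234 to 203.0.113.10/22 flags SYN  on interface outside
%ASA-2-106001: Inbound TCP connection denied from 192.0.2.200/51235 to 203.0.113.10/23 flags SYN  on interface outside
%ASA-2-106001: Inbound TCP connection denied from 192.0.2.200/51236 to 203.0.113.10/445 flags SYN  on interface outside
%ASA-2-106001: Inbound TCP connection denied from 192.0.2.200/51237 to 203.0.113.10/3389 flags SYN  on interface outside
"""


def parse_denials(text: str) -> List[Dict[str, object]]:
    """Return one dict per matching log line; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue
        d = m.groupdict()
        events.append({
            "src_ip": d["src_ip"],
            "src_port": int(d["src_port"]),
            "dst_ip": d["dst_ip"],
            "dst_port": int(d["dst_port"]),
            "flags": frozenset(d["flags"].split()),
            "iface": d["iface"],
        })
    return events


def summarize(events: List[Dict[str, object]]) -> Dict[str, object]:
    """Aggregate the counters a triage needs: source ports, flag sets, sources."""
    return {
        "total": len(events),
        "src_ports": Counter(e["src_port"] for e in events),
        "flag_sets": Counter(" ".join(sorted(e["flags"])) for e in events),
        "distinct_sources": len({e["src_ip"] for e in events}),
        # Bare SYN to a port: what an inbound connection attempt looks like.
        "syn_only": sum(1 for e in events if e["flags"] == {"SYN"}),
        # Web server reply segments (src 80/443, no SYN) to an ephemeral port:
        # consistent with late packets for connections the ASA already dropped.
        "reply_like": sum(
            1 for e in events
            if e["src_port"] in (80, 443)
            and "SYN" not in e["flags"]
            and e["dst_port"] >= 1024
        ),
    }


def classify(summary: Dict[str, object]) -> str:
    """Heuristic verdict; the 80% thresholds are this example's assumption."""
    total = summary["total"]
    if total == 0:
        return "no-denials"
    if summary["reply_like"] / total >= 0.8:
        return "stale-session-replies"
    if summary["syn_only"] / total >= 0.8:
        return "inbound-scan"
    return "mixed"


if __name__ == "__main__":
    for name, sample in (("backscatter", BACKSCATTER_SAMPLE), ("scan", SCAN_SAMPLE)):
        s = summarize(parse_denials(sample))
        print(name, classify(s), dict(s["src_ports"]), dict(s["flag_sets"]))
```

Because the destination in every line is the single NAT'd public address, the denial log alone cannot say which inside host is involved; a "stale-session-replies" verdict is the cue to look at the translation and connection tables on the box itself for an inside host with an unusually large number of entries.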
ASKER
Thanks for the suggestion, but alas, I'm still having issues. I've done a "sh xlate" and "sh conn all" and found a couple of machines that were in there (IPs who were listed more so than others) but even turning those machines off didn't fix the issue. Actually, things are degrading as the firewall is nearly flooded with these requests.
Any other suggestions?
This is a tough one because if it isn't a response to outgoing traffic then it is originating from the outside and beyond your control. It could be some form of fraggle attack aimed across IP space that you fall under. At this point I would reach out to my ISP to see if they can help. Sorry I don't have a definitive answer for you.
ASKER CERTIFIED SOLUTION
If I remember correctly you can do a "show conn all" or a "show xlate" and look for many many connections associated with the same internal IP address.