Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

a tcp connection between two hosts was deleted, asa

Posted on 2012-09-19
34
Medium Priority
?
3,966 Views
Last Modified: 2012-11-20
We are having an issue with our phone system being able to fast access our second location and the phone system company believes the issue is with our firewall/router. I checked and now see these alerts constantly comming up.

I have recently added new licenses, but nothing else.
I did notice  under configuration > global objects>network objects,groups that the objects for the phone ip addresses that i opened ports for the communication, are showing a subnet mask of 255.255.255.255 instead of 255.255.255.0 like all the other ip addresses on the network.
I didn't see a place to change that or set then when I created the ports and services.
0
Comment
Question by:raffie613
  • 21
  • 11
32 Comments
 
LVL 29

Expert Comment

by:Jan Springer
ID: 38414640
A subnet with a mask of 255.255.255.255 specifies a single host.  It's nothing to worry about if all hosts are listed.

You may have to update your inspection of SIP traffic.

What do the logs indicate?
0
 

Author Comment

by:raffie613
ID: 38414670
this is the only log file i found

ASDM Application Logging Started at Wed Sep 19 10:56:03 CDT 2012
---------------------------------------------
Local Launcher Version = 1.5.30
Local Launcher Version Display = 1.5(30)
OK button clicked
Trying for ASDM Version file; url = https://10.0.0.1/admin/
Server Version = 5.2(4)
Server Launcher Version = 1.5.30, size = 319488 bytes
Launcher version checking is successful.
invoking SGZ Loader..
Cache location = C:/Documents and Settings/Administrator/.asdm/cache
*** ASDM running in standlone app mode. ****
Calling hideDMLauncherWindow...
Hiding the login window
 %ERROR: CLIMetricsParser:parseMetricInfo:Unrecognized:PHYSICALPORT|Ethernet0/0|up|UP|IP||MASK||IBC|9921050|OBC|878538|IPC|7992|OPC|5130|DPC|0|IBR|159075|OBR|14086|IPR|16|OPR|10|IERR|0|NB|0|RB|3287|RNT|0|GNT|0|CRC|0|FRM|0|OR|0|UR|0|IBCL2|9921050|OBCL2|878538|IPCL2|7992|OPCL2|5130||OERR|0|COLL|0|LCOLL|0|RST|0|DEF|0|LCR|0|HIQ|0|SIQ|0|HOQ|0|SOQ|0|
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 38414684
Can you turn on logging and via cli, do a "sh log"?  I am interested in any lines that reference the SIP server.
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 

Author Comment

by:raffie613
ID: 38415165
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.09.19 14:20:54 =~=~=~=~=~=~=~=~=~=~=~=


User Access Verification


se###### show log
Syslog logging: enabled
    Facility: 20
    Timestamp logging: disabled
    Standby logging: disabled
    Deny Conn when Queue Full: disabled
    Console logging: disabled
    Monitor logging: disabled
    Buffer logging: disabled
    Trap logging: disabled
    History logging: disabled
    Device ID: disabled
    Mail logging: disabled
    ASDM logging: level informational, 854949 messages logged

securitysigfw# Syslog logging: enabled
                ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw#     Facility: 20
                     ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw#     Timestamp logging: disabled
                    ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw#     Standby logging: disabled
                    ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw#     Deny Conn when Queue Full: disabled
                     ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw#     Console logging: disabled
                      ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw#     Monitor logging: disabled
                     ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw#     Buffer logging: disabled
                    ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw#     Trap logging: disabled
                      ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw#     History logging: disabled
                    ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw#     Device ID: disabled
                     ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw#     Mail logging: disabled
                    ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw#     ASDM logging: level informational, 854949 messages logged
                        ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw# Syslog logging: enabled
                ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw#     Facility: 20
                     ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw#     Timestamp logging: disabled
                    ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw#     Standby logging: disabled
                    ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw#     Deny Conn when Queue Full: disabled
                     ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw#     Console logging: disabled
                      ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw#     Monitor logging: disabled
                     ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw#     Buffer logging: disabled
                    ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw#     Trap logging: disabled
                      ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw#     History logging: disabled
                    ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw#     Device ID: disabled
                     ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw#     Mail logging: disabled
                    ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw#     ASDM logging: level informational, 854949 messages logged
                        ^
ERROR: % Invalid input detected at '^' marker.

securitysigfw# sh log
Syslog logging: enabled
    Facility: 20
    Timestamp logging: disabled
    Standby logging: disabled
    Deny Conn when Queue Full: disabled
    Console logging: disabled
    Monitor logging: disabled
    Buffer logging: disabled
    Trap logging: disabled
    History logging: disabled
    Device ID: disabled
    Mail logging: disabled
    ASDM logging: level informational, 855175 messages logged
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 38415294
config t
 logging enable
 logging timestamp
 logging buffer-size 32768
 logging console critical
 logging buffered debugging
 logging trap informational
 logging asdm informational
0
 

Author Comment

by:raffie613
ID: 38415995
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.09.19 18:20:08 =~=~=~=~=~=~=~=~=~=~=~=


User Access Verification



sew# sh log
Syslog logging: enabled
    Facility: 20
    Timestamp logging: enabled
    Standby logging: disabled
    Deny Conn when Queue Full: disabled
    Console logging: level critical, 0 messages logged
    Monitor logging: level informational, 64 messages logged
    Buffer logging: level debugging, 318 messages logged
    Trap logging: level informational, facility 20, 142 messages logged
    History logging: level informational, 67 messages logged
    Device ID: disabled
    Mail logging: level informational, 66 messages logged
    ASDM logging: level informational, 898727 messages logged
10:58:41: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:58:42: %ASA-7-609001: Built local-host outside:4.2.2.2
Sep 19 2012 10:58:42: %ASA-6-305011: Built dynamic UDP translation from inside:10.0.0.2/51976 to outside:75.151.223.121/54947
Sep 19 2012 10:58:42: %ASA-6-302015: Built outbound UDP connection 224390 for outside:4.2.2.2/53 (4.2.2.2/53) to inside:10.0.0.2/51976 (75.151.223.121/54947)
Sep 19 2012 10:58:42: %ASA-6-302016: Teardown UDP connection 224390 for outside:4.2.2.2/53 to inside:10.0.0.2/51976 duration 0:00:00 bytes 214
Sep 19 2012 10:58:42: %ASA-7-609002: Teardown local-host outside:4.2.2.2 duration 0:00:00
Sep 19 2012 10:58:42: %ASA-7-609001: Built local-host inside:10.0.0.92
Sep 19 2012 10:58:42: %ASA-7-609001: Built local-host outside:64.208.21.41
Sep 19 2012 10:58:42: %ASA-6-305011: Built dynamic TCP translation from inside:10.0.0.92/1390 to outside:75.151.223.121/36133
Sep 19 2012 10:58:42: %ASA-6-302013: Built outbound TCP connection 224391 for outside:64.208.21.41/80 (64.208.21.41/80) to inside:10.0.0.92/1390 (75.151.223.121/36133)
Sep 19 2012 10:58:43: %ASA-6-302014: Teardown TCP connection 224391 for outside:64.208.21.41/80 to inside:10.0.0.92/1390 duration 0:00:00 bytes 10240 TCP Reset-I
Sep 19 2012 10:58:43: %ASA-7-609002: Teardown local-host outside:64.208.21.41 duration 0:00:00
<--- More --->
             
Sep 19 2012 10:58:46: %ASA-6-305012: Teardown dynamic UDP translation from inside:10.0.0.2/50269 to outside:75.151.223.121/54946 duration 0:00:30
Sep 19 2012 10:58:46: %ASA-6-305012: Teardown dynamic TCP translation from inside:10.0.0.83/1439 to outside:75.151.223.121/36131 duration 0:00:30
Sep 19 2012 10:58:46: %ASA-6-305012: Teardown dynamic TCP translation from inside:10.0.0.82/2309 to outside:75.151.223.121/36132 duration 0:00:30
Sep 19 2012 10:58:46: %ASA-7-609002: Teardown local-host inside:10.0.0.82 duration 0:00:30
Sep 19 2012 10:58:46: %ASA-6-113012: AAA user authentication Successful : local database : user = securas
Sep 19 2012 10:58:46: %ASA-6-113008: AAA transaction status ACCEPT : user = securas
Sep 19 2012 10:58:46: %ASA-6-611101: User authentication succeeded: Uname: securas
Sep 19 2012 10:58:46: %ASA-5-502103: User priv level changed: Uname: securas From: 1 To: 15
Sep 19 2012 10:58:47: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:58:52: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
0.0.0.255/61117
Sep 19 2012 10:52:50: %ASA-5-111007: Begin configuration: 10.0.0.2 reading from terminal
Sep 19 2012 10:52:50: %ASA-5-111008: User 'securas' executed the 'configure t' command.
Sep 19 2012 10:52:50: %ASA-5-111008: User 'securas' executed the 'logging enable' command.
Sep 19 2012 10:52:50: %ASA-5-111008: User 'securas' executed the 'logging timestamp' command.
Sep 19 2012 10:52:50: %ASA-5-111008: User 'securas' executed the 'logging buffer-size 32768' command.
Sep 19 2012 10:52:50: %ASA-5-111008: User 'securas' executed the 'logging console critical' command.
Sep 19 2012 10:52:50: %ASA-5-111008: User 'securas' executed the 'logging buffered debugging' command.
Sep 19 2012 10:52:50: %ASA-5-111008: User 'securas' executed the 'logging trap informational' command.
Sep 19 2012 10:52:51: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:52:55: %ASA-5-111008: User 'securas' executed the 'logging asdm informational' command.
Sep 19 2012 10:52:56: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:53:01: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:53:06: %ASA-6-302016: Teardown UDP connection 224361 for outside:64.74.103.131/1152 to inside:10.0.0.2/4686 duration 0:02:01 bytes 168
<--- More --->
             
Sep 19 2012 10:53:06: %ASA-6-302016: Teardown UDP connection 224362 for outside:64.74.103.131/1153 to inside:10.0.0.2/4686 duration 0:02:01 bytes 24
Sep 19 2012 10:53:06: %ASA-6-302016: Teardown UDP connection 224363 for outside:64.74.103.151/1153 to inside:10.0.0.2/4686 duration 0:02:01 bytes 24
Sep 19 2012 10:53:06: %ASA-7-609002: Teardown local-host outside:64.74.103.151 duration 0:02:01
Sep 19 2012 10:53:06: %ASA-6-302016: Teardown UDP connection 224365 for outside:184.41.14.211/58936 to inside:10.0.0.2/1518 duration 0:02:01 bytes 1472
Sep 19 2012 10:53:06: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:53:11: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:53:14: %ASA-7-609001: Built local-host outside:4.2.2.2
Sep 19 2012 10:53:14: %ASA-6-305011: Built dynamic UDP translation from inside:10.0.0.2/63585 to outside:75.151.223.121/54942
Sep 19 2012 10:53:14: %ASA-6-302015: Built outbound UDP connection 224368 for outside:4.2.2.2/53 (4.2.2.2/53) to inside:10.0.0.2/63585 (75.151.223.121/54942)
Sep 19 2012 10:53:14: %ASA-6-302016: Teardown UDP connection 224368 for outside:4.2.2.2/53 to inside:10.0.0.2/63585 duration 0:00:00 bytes 214
Sep 19 2012 10:53:14: %ASA-7-609002: Teardown local-host outside:4.2.2.2 duration 0:00:00
Sep 19 2012 10:53:14: %ASA-7-609001: Built local-host outside:64.208.21.8
Sep 19 2012 10:53:14: %ASA-6-305011: Built dynamic TCP translation from inside:10.0.0.83/1433 to outside:75.151.223.121/36126
Sep 19 2012 10:53:14: %ASA-6-302013: Built outbound TCP connection 224369 for outside:64.208.21.8/80 (64.208.21.8/80) to inside:10.0.0.83/1433 (75.151.223.121/36126)
Sep 19 2012 10:53:15: %ASA-6-302014: Teardown TCP connection 224369 for outside:64.208.21.8/80 to inside:10.0.0.83/1433 duration 0:00:00 bytes 9168 TCP Reset-I
Sep 19 2012 10:53:15: %ASA-7-609002: Teardown local-host outside:64.208.21.8 duration 0:00:00
Sep 19 2012 10:53:15: %ASA-7-609001: Built local-host inside:10.0.0.82
Sep 19 2012 10:53:15: %ASA-7-609001: Built local-host outside:64.208.21.32
Sep 19 2012 10:53:15: %ASA-6-305011: Built dynamic TCP translation from inside:10.0.0.82/2303 to outside:75.151.223.121/36127
Sep 19 2012 10:53:15: %ASA-6-302013: Built outbound TCP connection 224370 for outside:64.208.21.32/80 (64.208.21.32/80) to inside:10.0.0.82/2303 (75.151.223.121/36127)
Sep 19 2012 10:53:16: %ASA-6-302014: Teardown TCP connection 224370 for outside:64.208.21.32/80 to inside:10.0.0.82/2303 duration 0:00:00 bytes 9253 TCP Reset-I
Sep 19 2012 10:53:16: %ASA-7-609002: Teardown local-host outside:64.208.21.32 duration 0:00:00
Sep 19 2012 10:53:16: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:53:21: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
<--- More --->
             
Sep 19 2012 10:53:22: %ASA-7-710005: UDP request discarded from 10.0.0.254/138 to inside:10.0.0.255/138
Sep 19 2012 10:53:26: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:53:31: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:53:35: %ASA-6-305012: Teardown dynamic UDP translation from inside:10.0.0.2/1518 to outside:75.151.223.121/54941 duration 0:02:30
Sep 19 2012 10:53:36: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:53:41: %ASA-7-609001: Built local-host outside:4.2.2.2
Sep 19 2012 10:53:41: %ASA-6-305011: Built dynamic UDP translation from inside:10.0.0.2/54445 to outside:75.151.223.121/54943
Sep 19 2012 10:53:41: %ASA-6-302015: Built outbound UDP connection 224371 for outside:4.2.2.2/53 (4.2.2.2/53) to inside:10.0.0.2/54445 (75.151.223.121/54943)
Sep 19 2012 10:53:41: %ASA-6-302016: Teardown UDP connection 224371 for outside:4.2.2.2/53 to inside:10.0.0.2/54445 duration 0:00:00 bytes 214
Sep 19 2012 10:53:41: %ASA-7-609002: Teardown local-host outside:4.2.2.2 duration 0:00:00
Sep 19 2012 10:53:41: %ASA-7-609001: Built local-host inside:10.0.0.92
Sep 19 2012 10:53:41: %ASA-7-609001: Built local-host outside:64.208.21.34
Sep 19 2012 10:53:41: %ASA-6-305011: Built dynamic TCP translation from inside:10.0.0.92/1388 to outside:75.151.223.121/36128
Sep 19 2012 10:53:41: %ASA-6-302013: Built outbound TCP connection 224372 for outside:64.208.21.34/80 (64.208.21.34/80) to inside:10.0.0.92/1388 (75.151.223.121/36128)
Sep 19 2012 10:53:41: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:53:41: %ASA-6-302014: Teardown TCP connection 224372 for outside:64.208.21.34/80 to inside:10.0.0.92/1388 duration 0:00:00 bytes 9221 TCP Reset-I
Sep 19 2012 10:53:41: %ASA-7-609002: Teardown local-host outside:64.208.21.34 duration 0:00:00
Sep 19 2012 10:53:44: %ASA-6-305012: Teardown dynamic UDP translation from inside:10.0.0.2/63585 to outside:75.151.223.121/54942 duration 0:00:30
Sep 19 2012 10:53:44: %ASA-6-305012: Teardown dynamic TCP translation from inside:10.0.0.83/1433 to outside:75.151.223.121/36126 duration 0:00:30
Sep 19 2012 10:53:45: %ASA-6-305012: Teardown dynamic TCP translation from inside:10.0.0.82/2303 to outside:75.151.223.121/36127 duration 0:00:30
Sep 19 2012 10:53:45: %ASA-7-609002: Teardown local-host inside:10.0.0.82 duration 0:00:30
Sep 19 2012 10:53:46: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:53:48: %ASA-7-609001: Built local-host inside:10.0.0.93
Sep 19 2012 10:53:48: %ASA-6-302015: Built inbound UDP connection 224373 for inside:10.0.0.93/68 (10.0.0.93/68) to NP Identity Ifc:10.0.0.1/67 (10.0.0.1/67)
<--- More --->
             
Sep 19 2012 10:53:48: %ASA-6-604103: DHCP daemon interface inside:  address granted 0063.6973.636f.2d30.3032.312e.3162.3364.2e32.3863.302d.566c.31 (10.0.0.93)
Sep 19 2012 10:53:51: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:53:56: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:54:01: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:54:06: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:54:11: %ASA-6-305012: Teardown dynamic UDP translation from inside:10.0.0.2/54445 to outside:75.151.223.121/54943 duration 0:00:30
Sep 19 2012 10:54:11: %ASA-6-305012: Teardown dynamic TCP translation from inside:10.0.0.92/1388 to outside:75.151.223.121/36128 duration 0:00:30
Sep 19 2012 10:54:11: %ASA-7-609002: Teardown local-host inside:10.0.0.92 duration 0:00:30
Sep 19 2012 10:54:11: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:54:16: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:54:18: %ASA-7-710005: UDP request discarded from 10.0.0.96/138 to inside:10.0.0.255/138
Sep 19 2012 10:54:21: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:54:26: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:54:31: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:54:36: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:54:41: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:54:46: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:54:51: %ASA-7-609001: Built local-host outside:208.173.10.98
Sep 19 2012 10:54:51: %ASA-7-609001: Built local-host NP Identity Ifc:75.151.223.121
Sep 19 2012 10:54:51: %ASA-6-302020: Built inbound ICMP connection for faddr 208.173.10.98/1650 gaddr 75.151.223.121/0 laddr 75.151.223.121/0
Sep 19 2012 10:54:51: %ASA-6-302021: Teardown ICMP connection for faddr 208.173.10.98/1650 gaddr 75.151.223.121/0 laddr 75.151.223.121/0
Sep 19 2012 10:54:51: %ASA-7-609002: Teardown local-host outside:208.173.10.98 duration 0:00:00
Sep 19 2012 10:54:51: %ASA-7-609002: Teardown local-host NP Identity Ifc:75.151.223.121 duration 0:00:00
Sep 19 2012 10:54:51: %ASA-7-609001: Built local-host outside:208.173.10.98
<--- More --->
             
Sep 19 2012 10:54:51: %ASA-7-609001: Built local-host NP Identity Ifc:75.151.223.121
Sep 19 2012 10:54:51: %ASA-6-302020: Built inbound ICMP connection for faddr 208.173.10.98/1650 gaddr 75.151.223.121/0 laddr 75.151.223.121/0
Sep 19 2012 10:54:51: %ASA-6-302021: Teardown ICMP connection for faddr 208.173.10.98/1650 gaddr 75.151.223.121/0 laddr 75.151.223.121/0
Sep 19 2012 10:54:51: %ASA-7-609002: Teardown local-host outside:208.173.10.98 duration 0:00:00
Sep 19 2012 10:54:51: %ASA-7-609002: Teardown local-host NP Identity Ifc:75.151.223.121 duration 0:00:00
Sep 19 2012 10:54:51: %ASA-7-609001: Built local-host outside:208.173.10.98
Sep 19 2012 10:54:51: %ASA-7-609001: Built local-host NP Identity Ifc:75.151.223.121
Sep 19 2012 10:54:51: %ASA-6-302020: Built inbound ICMP connection for faddr 208.173.10.98/1650 gaddr 75.151.223.121/0 laddr 75.151.223.121/0
Sep 19 2012 10:54:51: %ASA-6-302021: Teardown ICMP connection for faddr 208.173.10.98/1650 gaddr 75.151.223.121/0 laddr 75.151.223.121/0
Sep 19 2012 10:54:51: %ASA-7-609002: Teardown local-host outside:208.173.10.98 duration 0:00:00
Sep 19 2012 10:54:51: %ASA-7-609002: Teardown local-host NP Identity Ifc:75.151.223.121 duration 0:00:00
Sep 19 2012 10:54:51: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:54:56: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:55:01: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:55:06: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:55:11: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:55:15: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:55:15: %ASA-7-609001: Built local-host outside:4.2.2.2
Sep 19 2012 10:55:15: %ASA-6-305011: Built dynamic UDP translation from inside:10.0.0.2/62728 to outside:75.151.223.121/54944
Sep 19 2012 10:55:15: %ASA-6-302015: Built outbound UDP connection 224377 for outside:4.2.2.2/53 (4.2.2.2/53) to inside:10.0.0.2/62728 (75.151.223.121/54944)
Sep 19 2012 10:55:15: %ASA-6-302016: Teardown UDP connection 224377 for outside:4.2.2.2/53 to inside:10.0.0.2/62728 duration 0:00:00 bytes 214
Sep 19 2012 10:55:15: %ASA-7-609002: Teardown local-host outside:4.2.2.2 duration 0:00:00
Sep 19 2012 10:55:15: %ASA-7-609001: Built local-host inside:10.0.0.98
Sep 19 2012 10:55:15: %ASA-7-609001: Built local-host outside:64.208.21.34
<--- More --->
             
Sep 19 2012 10:55:15: %ASA-6-305011: Built dynamic TCP translation from inside:10.0.0.98/53794 to outside:75.151.223.121/36129
Sep 19 2012 10:55:15: %ASA-6-302013: Built outbound TCP connection 224378 for outside:64.208.21.34/80 (64.208.21.34/80) to inside:10.0.0.98/53794 (75.151.223.121/36129)
Sep 19 2012 10:55:16: %ASA-6-302014: Teardown TCP connection 224378 for outside:64.208.21.34/80 to inside:10.0.0.98/53794 duration 0:00:00 bytes 1174 TCP Reset-I
Sep 19 2012 10:55:16: %ASA-7-609002: Teardown local-host outside:64.208.21.34 duration 0:00:00
Sep 19 2012 10:55:16: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:55:21: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:55:25: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:55:26: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:55:28: %ASA-7-710005: UDP request discarded from 10.0.0.85/138 to inside:10.0.0.255/138
Sep 19 2012 10:55:31: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:55:33: %ASA-7-609001: Built local-host outside:4.2.2.2
Sep 19 2012 10:55:33: %ASA-6-305011: Built dynamic UDP translation from inside:10.0.0.2/55395 to outside:75.151.223.121/54945
Sep 19 2012 10:55:33: %ASA-6-302015: Built outbound UDP connection 224379 for outside:4.2.2.2/53 (4.2.2.2/53) to inside:10.0.0.2/55395 (75.151.223.121/54945)
Sep 19 2012 10:55:33: %ASA-6-302016: Teardown UDP connection 224379 for outside:4.2.2.2/53 to inside:10.0.0.2/55395 duration 0:00:00 bytes 214
Sep 19 2012 10:55:33: %ASA-7-609002: Teardown local-host outside:4.2.2.2 duration 0:00:00
Sep 19 2012 10:55:33: %ASA-7-609001: Built local-host outside:64.208.21.33
Sep 19 2012 10:55:33: %ASA-6-305011: Built dynamic TCP translation from inside:10.0.0.88/3336 to outside:75.151.223.121/36130
Sep 19 2012 10:55:33: %ASA-6-302013: Built outbound TCP connection 224380 for outside:64.208.21.33/80 (64.208.21.33/80) to inside:10.0.0.88/3336 (75.151.223.121/36130)
Sep 19 2012 10:55:34: %ASA-6-302014: Teardown TCP connection 224380 for outside:64.208.21.33/80 to inside:10.0.0.88/3336 duration 0:00:00 bytes 1264 TCP Reset-I
Sep 19 2012 10:55:34: %ASA-7-609002: Teardown local-host outside:64.208.21.33 duration 0:00:00
Sep 19 2012 10:55:36: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:55:41: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:55:45: %ASA-6-305012: Teardown dynamic UDP translation from inside:10.0.0.2/62728 to outside:75.151.223.121/54944 duration 0:00:30
Sep 19 2012 10:55:46: %ASA-6-305012: Teardown dynamic TCP translation from inside:10.0.0.98/53794 to outside:75.151.223.121/36129 duration 0:00:30
<--- More --->
             
Sep 19 2012 10:55:46: %ASA-7-609002: Teardown local-host inside:10.0.0.98 duration 0:00:30
Sep 19 2012 10:55:46: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:55:49: %ASA-6-302016: Teardown UDP connection 224373 for inside:10.0.0.93/68 to NP Identity Ifc:10.0.0.1/67 duration 0:02:01 bytes 925
Sep 19 2012 10:55:49: %ASA-7-609002: Teardown local-host inside:10.0.0.93 duration 0:02:01
Sep 19 2012 10:55:51: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:55:56: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:56:01: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:56:03: %ASA-6-305012: Teardown dynamic UDP translation from inside:10.0.0.2/55395 to outside:75.151.223.121/54945 duration 0:00:30
Sep 19 2012 10:56:03: %ASA-6-305012: Teardown dynamic TCP translation from inside:10.0.0.88/3336 to outside:75.151.223.121/36130 duration 0:00:30
Sep 19 2012 10:56:03: %ASA-7-710005: UDP request discarded from 10.0.0.83/137 to inside:10.0.0.255/137
Sep 19 2012 10:56:04: %ASA-7-710005: UDP request discarded from 10.0.0.83/137 to inside:10.0.0.255/137
Sep 19 2012 10:56:05: %ASA-7-710005: UDP request discarded from 10.0.0.83/137 to inside:10.0.0.255/137
Sep 19 2012 10:56:06: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:56:07: %ASA-7-710005: UDP request discarded from 10.0.0.88/138 to inside:10.0.0.255/138
Sep 19 2012 10:56:11: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:56:16: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:56:21: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:56:26: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:56:31: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:56:36: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:56:41: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:56:46: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:56:51: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:56:56: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
<--- More --->
             
Sep 19 2012 10:57:01: %ASA-7-710005: UDP request discarded from 10.0.0.2/138 to inside:10.0.0.255/138
Sep 19 2012 10:57:01: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:57:06: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:57:11: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:57:16: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:57:21: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:57:26: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:57:31: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:57:36: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:57:40: %ASA-6-302013: Built inbound TCP connection 224381 for inside:10.0.0.2/1576 (10.0.0.2/1576) to NP Identity Ifc:10.0.0.1/443 (10.0.0.1/443)
Sep 19 2012 10:57:40: %ASA-7-710002: TCP access permitted from 10.0.0.2/1576 to inside:10.0.0.1/https
Sep 19 2012 10:57:40: %ASA-6-725001: Starting SSL handshake with client inside:10.0.0.2/1576 for TLSv1 session.
Sep 19 2012 10:57:40: %ASA-7-725010: Device supports the following 5 cipher(s).
Sep 19 2012 10:57:40: %ASA-7-725011: Cipher[1] : AES256-SHA
Sep 19 2012 10:57:40: %ASA-7-725011: Cipher[2] : AES128-SHA
Sep 19 2012 10:57:40: %ASA-7-725011: Cipher[3] : DES-CBC3-SHA
Sep 19 2012 10:57:40: %ASA-7-725011: Cipher[4] : DES-CBC-SHA
Sep 19 2012 10:57:40: %ASA-7-725011: Cipher[5] : RC4-MD5
Sep 19 2012 10:57:40: %ASA-7-725008: SSL client inside:10.0.0.2/1576 proposes the following 15 cipher(s).
Sep 19 2012 10:57:40: %ASA-7-725011: Cipher[1] : RC4-MD5
Sep 19 2012 10:57:40: %ASA-7-725011: Cipher[2] : RC4-SHA
Sep 19 2012 10:57:40: %ASA-7-725011: Cipher[3] : AES128-SHA
Sep 19 2012 10:57:40: %ASA-7-725011: Cipher[4] : DHE-RSA-AES128-SHA
Sep 19 2012 10:57:40: %ASA-7-725011: Cipher[5] : DHE-DSS-AES128-SHA
<--- More --->
             
Sep 19 2012 10:57:40: %ASA-7-725011: Cipher[6] : DES-CBC3-SHA
Sep 19 2012 10:57:40: %ASA-7-725011: Cipher[7] : EDH-RSA-DES-CBC3-SHA
Sep 19 2012 10:57:40: %ASA-7-725011: Cipher[8] : EDH-DSS-DES-CBC3-SHA
Sep 19 2012 10:57:40: %ASA-7-725011: Cipher[9] : DES-CBC-SHA
Sep 19 2012 10:57:40: %ASA-7-725011: Cipher[10] : EDH-RSA-DES-CBC-SHA
Sep 19 2012 10:57:40: %ASA-7-725011: Cipher[11] : EDH-DSS-DES-CBC-SHA
Sep 19 2012 10:57:40: %ASA-7-725011: Cipher[12] : EXP-RC4-MD5
Sep 19 2012 10:57:40: %ASA-7-725011: Cipher[13] : EXP-DES-CBC-SHA
Sep 19 2012 10:57:40: %ASA-7-725011: Cipher[14] : EXP-EDH-RSA-DES-CBC-SHA
Sep 19 2012 10:57:40: %ASA-7-725011: Cipher[15] : EXP-EDH-DSS-DES-CBC-SHA
Sep 19 2012 10:57:40: %ASA-7-725012: Device chooses cipher : AES128-SHA for the SSL session with client inside:10.0.0.2/1576
Sep 19 2012 10:57:40: %ASA-6-725002: Device completed SSL handshake with client inside:10.0.0.2/1576
Sep 19 2012 10:57:40: %ASA-6-605005: Login permitted from 10.0.0.2/1576 to inside:10.0.0.1/https for user "securas"
Sep 19 2012 10:57:40: %ASA-5-111007: Begin configuration: 10.0.0.2 reading from http [POST]
Sep 19 2012 10:57:40: %ASA-5-111008: User 'securas' executed the 'logging buffered Debugging' command.
Sep 19 2012 10:57:40: %ASA-5-111008: User 'securas' executed the 'logging history Informational' command.
Sep 19 2012 10:57:40: %ASA-5-111008: User 'securas' executed the 'logging mail Informational' command.
Sep 19 2012 10:57:40: %ASA-5-111008: User 'securas' executed the 'logging console Critical' command.
Sep 19 2012 10:57:40: %ASA-5-111008: User 'securas' executed the 'logging monitor Informational' command.
Sep 19 2012 10:57:40: %ASA-5-111008: User 'securas' executed the 'logging trap Informational' command.
Sep 19 2012 10:57:40: %ASA-6-725007: SSL session with client inside:10.0.0.2/1576 terminated.
Sep 19 2012 10:57:40: %ASA-6-302014: Teardown TCP connection 224381 for inside:10.0.0.2/1576 to NP Identity Ifc:10.0.0.1/443 duration 0:00:00 bytes 1808 TCP FINs
Sep 19 2012 10:57:40: %ASA-6-302013: Built inbound TCP connection 224382 for inside:10.0.0.2/1577 (10.0.0.2/1577) to NP Identity Ifc:10.0.0.1/443 (10.0.0.1/443)
Sep 19 2012 10:57:40: %ASA-6-725001: Starting SSL handshake with client inside:10.0.0.2/1577 for TLSv1 session.
<--- More --->
             
Sep 19 2012 10:57:40: %ASA-6-725003: SSL client inside:10.0.0.2/1577 request to resume previous session.
Sep 19 2012 10:57:40: %ASA-6-725002: Device completed SSL handshake with client inside:10.0.0.2/1577
Sep 19 2012 10:57:40: %ASA-6-605005: Login permitted from 10.0.0.2/1577 to inside:10.0.0.1/https for user "securas"
Sep 19 2012 10:57:40: %ASA-7-111009: User 'securas' executed cmd: show version
Sep 19 2012 10:57:40: %ASA-5-111008: User 'securas' executed the 'perfmon interval 10' command.
Sep 19 2012 10:57:40: %ASA-6-725007: SSL session with client inside:10.0.0.2/1577 terminated.
Sep 19 2012 10:57:40: %ASA-6-302014: Teardown TCP connection 224382 for inside:10.0.0.2/1577 to NP Identity Ifc:10.0.0.1/443 duration 0:00:00 bytes 3041 TCP FINs
Sep 19 2012 10:57:40: %ASA-6-302013: Built inbound TCP connection 224383 for inside:10.0.0.2/1578 (10.0.0.2/1578) to NP Identity Ifc:10.0.0.1/443 (10.0.0.1/443)
Sep 19 2012 10:57:40: %ASA-6-725001: Starting SSL handshake with client inside:10.0.0.2/1578 for TLSv1 session.
Sep 19 2012 10:57:40: %ASA-6-725003: SSL client inside:10.0.0.2/1578 request to resume previous session.
Sep 19 2012 10:57:40: %ASA-6-725002: Device completed SSL handshake with client inside:10.0.0.2/1578
Sep 19 2012 10:57:40: %ASA-6-605005: Login permitted from 10.0.0.2/1578 to inside:10.0.0.1/https for user "securas"
Sep 19 2012 10:57:40: %ASA-7-111009: User 'securas' executed cmd: show running-config all regex
Sep 19 2012 10:57:40: %ASA-6-725007: SSL session with client inside:10.0.0.2/1578 terminated.
Sep 19 2012 10:57:40: %ASA-6-302013: Built inbound TCP connection 224384 for inside:10.0.0.2/1579 (10.0.0.2/1579) to NP Identity Ifc:10.0.0.1/443 (10.0.0.1/443)
Sep 19 2012 10:57:40: %ASA-6-725001: Starting SSL handshake with client inside:10.0.0.2/1579 for TLSv1 session.
Sep 19 2012 10:57:40: %ASA-6-725003: SSL client inside:10.0.0.2/1579 request to resume previous session.
Sep 19 2012 10:57:40: %ASA-6-725002: Device completed SSL handshake with client inside:10.0.0.2/1579
Sep 19 2012 10:57:40: %ASA-6-605005: Login permitted from 10.0.0.2/1579 to inside:10.0.0.1/https for user "securas"
Sep 19 2012 10:57:40: %ASA-7-111009: User 'securas' executed cmd: show running-config all class-map
Sep 19 2012 10:57:40: %ASA-6-725007: SSL session with client inside:10.0.0.2/1579 terminated.
Sep 19 2012 10:57:40: %ASA-6-302013: Built inbound TCP connection 224385 for inside:10.0.0.2/1580 (10.0.0.2/1580) to NP Identity Ifc:10.0.0.1/443 (10.0.0.1/443)
Sep 19 2012 10:57:40: %ASA-6-725001: Starting SSL handshake with client inside:10.0.0.2/1580 for TLSv1 session.
Sep 19 2012 10:57:40: %ASA-6-725003: SSL client inside:10.0.0.2/1580 request to resume previous session.
<--- More --->
             
Sep 19 2012 10:57:40: %ASA-6-725002: Device completed SSL handshake with client inside:10.0.0.2/1580
Sep 19 2012 10:57:40: %ASA-6-605005: Login permitted from 10.0.0.2/1580 to inside:10.0.0.1/https for user "securas"
Sep 19 2012 10:57:40: %ASA-6-302014: Teardown TCP connection 224383 for inside:10.0.0.2/1578 to NP Identity Ifc:10.0.0.1/443 duration 0:00:00 bytes 1873 TCP FINs
Sep 19 2012 10:57:40: %ASA-6-302014: Teardown TCP connection 224384 for inside:10.0.0.2/1579 to NP Identity Ifc:10.0.0.1/443 duration 0:00:00 bytes 2657 TCP FINs
Sep 19 2012 10:57:41: %ASA-6-725007: SSL session with client inside:10.0.0.2/1580 terminated.
Sep 19 2012 10:57:41: %ASA-6-302014: Teardown TCP connection 224385 for inside:10.0.0.2/1580 to NP Identity Ifc:10.0.0.1/443 duration 0:00:00 bytes 21225 TCP FINs
Sep 19 2012 10:57:41: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:57:46: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:57:51: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:57:55: %ASA-5-611103: User logged out: Uname: securas
Sep 19 2012 10:57:55: %ASA-6-302014: Teardown TCP connection 224367 for inside:10.0.0.2/1521 to NP Identity Ifc:10.0.0.1/23 duration 0:06:29 bytes 3880 TCP FINs
Sep 19 2012 10:57:55: %ASA-3-710003: TCP access denied by ACL from 150.146.31.35/63581 to outside:75.151.223.123/22
Sep 19 2012 10:57:55: %ASA-7-710005: TCP request discarded from 150.146.31.35/63581 to outside:75.151.223.123/22
Sep 19 2012 10:57:56: %ASA-3-710003: TCP access denied by ACL from 150.146.31.35/63582 to outside:75.151.223.123/22
Sep 19 2012 10:57:56: %ASA-7-710005: TCP request discarded from 150.146.31.35/63582 to outside:75.151.223.123/22
Sep 19 2012 10:57:56: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:58:01: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:58:06: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:58:11: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:58:16: %ASA-7-609001: Built local-host outside:4.2.2.2
Sep 19 2012 10:58:16: %ASA-6-305011: Built dynamic UDP translation from inside:10.0.0.2/50269 to outside:75.151.223.121/54946
Sep 19 2012 10:58:16: %ASA-6-302015: Built outbound UDP connection 224386 for outside:4.2.2.2/53 (4.2.2.2/53) to inside:10.0.0.2/50269 (75.151.223.121/54946)
Sep 19 2012 10:58:16: %ASA-6-302016: Teardown UDP connection 224386 for outside:4.2.2.2/53 to inside:10.0.0.2/50269 duration 0:00:00 bytes 214
Sep 19 2012 10:58:16: %ASA-7-609002: Teardown local-host outside:4.2.2.2 duration 0:00:00
<--- More --->
             
Sep 19 2012 10:58:16: %ASA-7-609001: Built local-host outside:64.208.21.18
Sep 19 2012 10:58:16: %ASA-6-305011: Built dynamic TCP translation from inside:10.0.0.83/1439 to outside:75.151.223.121/36131
Sep 19 2012 10:58:16: %ASA-6-302013: Built outbound TCP connection 224387 for outside:64.208.21.18/80 (64.208.21.18/80) to inside:10.0.0.83/1439 (75.151.223.121/36131)
Sep 19 2012 10:58:16: %ASA-7-609001: Built local-host inside:10.0.0.82
Sep 19 2012 10:58:16: %ASA-7-609001: Built local-host outside:64.208.21.34
Sep 19 2012 10:58:16: %ASA-6-305011: Built dynamic TCP translation from inside:10.0.0.82/2309 to outside:75.151.223.121/36132
Sep 19 2012 10:58:16: %ASA-6-302013: Built outbound TCP connection 224388 for outside:64.208.21.34/80 (64.208.21.34/80) to inside:10.0.0.82/2309 (75.151.223.121/36132)
Sep 19 2012 10:58:16: %ASA-6-302014: Teardown TCP connection 224387 for outside:64.208.21.18/80 to inside:10.0.0.83/1439 duration 0:00:00 bytes 1179 TCP Reset-I
Sep 19 2012 10:58:16: %ASA-7-609002: Teardown local-host outside:64.208.21.18 duration 0:00:00
Sep 19 2012 10:58:16: %ASA-6-302014: Teardown TCP connection 224388 for outside:64.208.21.34/80 to inside:10.0.0.82/2309 duration 0:00:00 bytes 10240 TCP Reset-I
Sep 19 2012 10:58:16: %ASA-7-609002: Teardown local-host outside:64.208.21.34 duration 0:00:00
Sep 19 2012 10:58:16: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:58:21: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:58:26: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:58:27: %ASA-6-302013: Built inbound TCP connection 224389 for inside:10.0.0.2/1588 (10.0.0.2/1588) to NP Identity Ifc:10.0.0.1/23 (10.0.0.1/23)
Sep 19 2012 10:58:27: %ASA-7-710002: TCP access permitted from 10.0.0.2/1588 to inside:10.0.0.1/telnet
Sep 19 2012 10:58:31: %ASA-7-710005: UDP request discarded from 10.0.0.96/56033 to inside:10.0.0.255/61117
Sep 19 2012 10:58:36: %A
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 38416357
What are the source and destination IPs in question?
0
 

Author Comment

by:raffie613
ID: 38418195
local IP    10.0.0.40  port 59002   UDP & TCP

local IP     10.0.0.42 port 59102  UDP & TCP

But when I am at the home screen on the ASDM down at the bottom of the page where it displays real time logging, it has constant warning messages going for everything that says "a tcp connection between hosts was deleted"
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 38418243
I am not seeing those IPs in the logs.

You need to generate traffic with those IP addresses and then capture the log data that goes with it:

  sh log | i 10.0.0.40
  sh log | i 10.0.0.42
0
 

Author Comment

by:raffie613
ID: 38418539
nothing showed up. the phones are all working and they use the .40 address
the easy link connection between offices is what is nnot working, that uses the .42 address.

I was checking the logs on the other location. what does this alert mean?
3      Sep 20 2012      04:49:26      304006                   URL Server 192.168.13.2 not responding

that is the windows server ip.
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 38418595
Are you using a filtering server for web access?
0
 

Author Comment

by:raffie613
ID: 38418719
no, I have a program called websense, but i disabled it.
0
 

Author Comment

by:raffie613
ID: 38418724
is there a way to test traffic going from ASA to ASA at each location on the ip addresses that the easy link phone systems use to go betwee nlocations? I can't fingure out why its not working suddenly.
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 38418772
Well, if you've disabled websense and your ASA is still configured to use it, you'll get that errror.

packet-tracer in inside tcp LOCAL_IP 1026 DESTINATION_IP DEST_PORT
0
 

Author Comment

by:raffie613
ID: 38420157
what ip do i enter in packet tracer? External public ip to external public ip? I want to test the internal ip 10.0.0.42 going to the other ASA internal ip of 192.168.13.42
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 38421678
If the source IP sits behind one ASA and the destination IP sits behind the other ASA, use the local (inside) IP for the source and the public IP for the destination (and vice versa).

Is there a VPN peering session between these two ASAs?
0
 

Author Comment

by:raffie613
ID: 38422524
I do not believe there is VPN peering setup. How do I confirm that?
thanks.
0
 

Author Comment

by:raffie613
ID: 38422689
which interface do i choose?
0
 

Author Comment

by:raffie613
ID: 38422719
so I did tcp and udp packets trace and it failed on the udp at the CP-PUNT
tcp went through
0
 

Author Comment

by:raffie613
ID: 38429030
you still there? What is the CP-Punt error. seems like the packet is still going through, but not sure if this is casuing the phone to drop.
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 38429109
To check your VPN peers:

Phase I  "sho crypto isakmp sa"
Phase II "show crypto ipsec sa"

"If packet flow does not match an existing connection, then TCP state is verified. If it is a SYN packet or UDP packet, then the connection counter is incremented by one and the packet is sent for an ACL check. If it is not a SYN packet, the packet is dropped and the event is logged."

What are the results of "sh asp drop" ?
0
 

Author Comment

by:raffie613
ID: 38429392
I don't think I have a van between the two places. What is the cp punt error in the packet trace?
I will get the results for shut asp drop
0
 

Author Comment

by:raffie613
ID: 38429395
Van =vpn
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 38429418
The packet was punted to the CPU.
0
 

Author Comment

by:raffie613
ID: 38430147
why does that happen? Does it mean there is a problem?
0
 

Author Comment

by:raffie613
ID: 38433701
this is the result form sh asp drop"

gfw# sh asp drop

Frame drop:
  Invalid TCP Length (invalid-tcp-hdr-length)                                  1
  Flow is denied by configured rule (acl-drop)                            218878
  First TCP packet not SYN (tcp-not-syn)                                    1580
  TCP failed 3 way handshake (tcp-3whs-failed)                                48
  TCP RST/FIN out of order (tcp-rstfin-ooo)                                  249
  TCP packet SEQ past window (tcp-seq-past-win)                              154
  TCP invalid ACK (tcp-invalid-ack)                                            4
  TCP RST/SYN in window (tcp-rst-syn-in-win)                                   1
  TCP packet failed PAWS test (tcp-paws-fail)                                  7
  Slowpath security checks failed (sp-security-failed)                        89
  DNS Inspect invalid domain label (inspect-dns-invalid-domain-label)         82
  DNS Inspect id not matched (inspect-dns-id-not-matched)                     61
  FP L2 rule drop (l2_acl)                                                    16
  Interface is down (interface-down)                                           2
  Non-IP packet received in routed mode (non-ip-pkt-in-routed-mode)            1

Last clearing: Never

Flow drop:
  Inspection failure (inspect-fail)                                           90

Last clearing: Never
0
 

Author Comment

by:raffie613
ID: 38433712
Phase I  "sho crypto isakmp sa"
Phase II "show crypto ipsec sa"
I ran both these. came back as there are none.
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 38433794
Then no vpn is running.  Do we need this to test?
0
 

Author Comment

by:raffie613
ID: 38434092
We shouldn't. It was working at one point. Phone company said to just open up certain ports and pointbthem to the ip of the phones. Only the easy link phone connection between the two locations is not working. The rest of the phones are.
0
 

Author Comment

by:raffie613
ID: 38440746
does the "sh asp drop" above tell you anything strange?

What next? Think it is a problem with the phone company equipment on that ip address?
0
 

Accepted Solution

by:
raffie613 earned 0 total points
ID: 38604309
rebooted the ASA and it worked.
0
 

Author Closing Comment

by:raffie613
ID: 38615926
only thing that worked
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
LinkedIn blogging is great for networking, building up an audience, and expanding your influence as well. However, if you want to achieve these results, you need to work really hard to make your post worth liking and sharing. Here are 4 tips that ca…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question