Thursday 5 January 2017

TCP reset on ASA

I often see TCP Reset-I or TCP Reset-O in the logs on the ASA. They appear as the teardown reason at the end of syslog message 302014 (and in show conn output), and it is not obvious what they mean.

TCP Reset-I
Means the connection was reset from the interface with the higher security level, usually the inside interface: the RST came from the inside host. Normally this points to an application-layer issue. Some software on the PC, or the application itself, reset the connection for some reason. Check the Windows firewall and any other AV or endpoint products running on the client. Also check the Java security exception site list. And ask whether there are any other firewalls, IPS devices etc. on the inside of the path between the client and the ASA.

TCP Reset-O
The connection was reset from the interface with the lower security level, usually the outside interface, so the RST came from the other side. This usually points to a server issue, or to something in the path on that side (another firewall, a load balancer, an IPS).

If you get these messages in the log, run a packet capture on the ASA and collect the syslog while reproducing the connection attempt. With both in hand you can demonstrate that the firewall built the connection and passed the traffic, and that either the other side sent the reset (TCP Reset-O) or the inside host sent the reset (TCP Reset-I), and move the investigation away from the ASA. Capture on both interfaces so you can show the SYN leaving one side and the RST arriving on the other; a teardown with bytes 0 means no data ever passed, which is what a refused port or an immediate application rejection looks like.
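As an added example (not code from the original post), the following Python script parses ASA 302014 teardown lines and, using the rule above, works out which host sent the RST for each Reset-I / Reset-O entry and tallies teardown reasons. The log lines are constructed for the example and use documentation address ranges; the interface names and their security levels in SECURITY_LEVELS are assumptions, since the direction of the flag only makes sense relative to the security levels configured on your own firewall.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample lines modelled on the ASA %ASA-6-302014 teardown message.
# They are not from the original post; addresses use documentation ranges.
SAMPLE_LOGS = """\
%ASA-6-302014: Teardown TCP connection 8812 for outside:203.0.113.5/443 to inside:10.1.1.20/51234 duration 0:00:00 bytes 0 TCP Reset-I
%ASA-6-302014: Teardown TCP connection 8813 for inside:10.1.1.20/51240 to outside:203.0.113.9/443 duration 0:00:02 bytes 0 TCP Reset-O
%ASA-6-302014: Teardown TCP connection 8814 for inside:10.1.1.21/51301 to outside:203.0.113.9/443 duration 0:01:15 bytes 48213 TCP FINs
%ASA-6-302014: Teardown TCP connection 8815 for dmz:172.16.0.8/8080 (198.51.100.8/8080) to inside:10.1.1.20/51260 duration 0:00:01 bytes 0 TCP Reset-O
%ASA-6-302014: Teardown TCP connection 8816 for inside:10.1.1.22/51400 to outside:203.0.113.9/443 duration 0:00:30 bytes 0 SYN Timeout
"""

# Assumed security levels for the interface names used in the samples
# (on a real ASA these come from the `security-level` set on each interface).
SECURITY_LEVELS = {"inside": 100, "dmz": 50, "outside": 0}

# "for A to B": A is the side that initiated the connection. Optional
# "(mapped-ip/port)" groups after either endpoint are skipped.
TEARDOWN_RE = re.compile(
    r"%ASA-\d-302014: Teardown TCP connection (?P<conn>\d+) "
    r"for (?P<if_a>[\w-]+):(?P<ip_a>[\d.]+)/(?P<port_a>\d+)(?: \([^)]*\))* "
    r"to (?P<if_b>[\w-]+):(?P<ip_b>[\d.]+)/(?P<port_b>\d+)(?: \([^)]*\))* "
    r"duration (?P<dur>\d+:\d\d:\d\d) bytes (?P<bytes>\d+)(?: (?P<reason>.+))?$"
)

Endpoint = Tuple[str, str, int]  # (interface, ip, port)


@dataclass(frozen=True)
class Teardown:
    conn_id: int
    endpoint_a: Endpoint  # the "for" side (initiator)
    endpoint_b: Endpoint  # the "to" side (responder)
    duration_s: int
    bytes_: int
    reason: str


def parse_teardown(line: str) -> Optional[Teardown]:
    """Parse one 302014 teardown line; return None for any other message."""
    m = TEARDOWN_RE.match(line.strip())
    if not m:
        return None
    h, mi, s = (int(x) for x in m["dur"].split(":"))
    return Teardown(
        conn_id=int(m["conn"]),
        endpoint_a=(m["if_a"], m["ip_a"], int(m["port_a"])),
        endpoint_b=(m["if_b"], m["ip_b"], int(m["port_b"])),
        duration_s=h * 3600 + mi * 60 + s,
        bytes_=int(m["bytes"]),
        reason=m["reason"] or "",
    )


def reset_origin(t: Teardown) -> Optional[Tuple[str, str]]:
    """(interface, ip) of the host that sent the RST, or None if the teardown
    was not a reset. Reset-I: the RST arrived on the higher-security interface;
    Reset-O: on the lower-security one. Equal security levels are ambiguous
    and would need the capture to decide."""
    if t.reason not in ("TCP Reset-I", "TCP Reset-O"):
        return None
    higher, lower = sorted(
        (t.endpoint_a, t.endpoint_b),
        key=lambda e: SECURITY_LEVELS[e[0]],
        reverse=True,
    )
    side = higher if t.reason == "TCP Reset-I" else lower
    return side[0], side[1]


def reason_counts(log_text: str) -> Counter:
    """Tally teardown reasons: the first thing to look at in a flood of 302014s."""
    return Counter(t.reason for t in map(parse_teardown, log_text.splitlines()) if t)


def immediate_resets(log_text: str) -> List[Tuple[int, str, Tuple[str, str]]]:
    """Resets with zero data bytes: the ASA built the conn but nothing was ever
    exchanged before one side sent RST (a refused port, or a client/application
    rejecting the session straight away). These are the entries to take to the
    host owner together with the capture."""
    out = []
    for t in filter(None, map(parse_teardown, log_text.splitlines())):
        origin = reset_origin(t)
        if origin and t.bytes_ == 0:
            out.append((t.conn_id, t.reason, origin))
    return out


if __name__ == "__main__":
    for conn_id, reason, (iface, ip) in immediate_resets(SAMPLE_LOGS):
        print(f"conn {conn_id}: {reason} sent by {ip} on {iface}")
    print(dict(reason_counts(SAMPLE_LOGS)))
```

Feed it the syslog you collected while reproducing the problem; the output names the host that sent the RST in each case, which is exactly the fact you need when handing the problem to the client or server team.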

I have seen a case where I got a TCP Reset-O in the logs but the issue was actually that a NoNat was needed. In that case the user was trying to connect from AnyConnect -> ASA -> S2S VPN -> Remote site -> 10.60.46.x. So check your NATs are all correct too.
