Explanation: A TCP connection between two hosts was deleted. The following list describes the message values:
- connection id is an unique identifier.
- interface, real-address, real-port identify the actual sockets.
- duration is the lifetime of the connection.
- bytes bytes is the data transfer of the connection.
- user is the AAA name of the user.
Conn-timeout
Connection ended because it was idle longer than the configured idle timeout.
Deny Termiate
Flow was terminated by application inspection.
Failover primary closed
The standby unit in a failover pair deleted a connection because of a message received from the active unit.
FIN Timeout
Force termination after 10 minutes awaiting the last ACK or after half-closed timeout.
Flow closed by inspection
Flow was terminated by inspection feature.
Flow terminated by IPS
Flow was terminated by IPS.
Flow reset by IPS
Flow was reset by IPS.
Flow terminated by TCP Intercept
Flow was terminated by TCP Intercept.
Invalid SYN
SYN packet not valid.
Idle Timeout
Connection timed out because it was idle longer than timeout value.
IPS fail-close
Flow was terminated due to IPS card down.
SYN Control
Back channel initiation from wrong side.
SYN Timeout
Force termination after 30 seconds awaiting three-way handshake completion.
TCP bad retransmission
Connection terminated because of bad TCP retransmission.
TCP FINs
Normal close down sequence.
TCP Invalid SYN
Invalid TCP SYN packet.
TCP Reset-I
Reset was from the inside.
TCP Reset-O
Reset was from the outside.
TCP segment partial overlap
Detected a partially overlapping segment.
TCP unexpected window size variation
Connection terminated due to variation in the TCP window size.
Tunnel has been torn down
Flow terminated because tunnel is down.
Unauth Deny
Denied by URL filter.
Unknown
Catch-all error.
Xlate Clear
Command-line removal
Other Notes:
The "inside" in TCP RESET-I refers to the more secure interface (i.e., interface with higher security level). Consequently, "outside" in TCP RESET-O refers to the less secure interface (i.e., interface with lower security level).
This is useful indetermining the source of the TCP session disconnection. That is, on which interface the disconnection was received from. Usually, it is actually the host on the interface itself that tears down the connection (could be due to failed authentication). Whatever the case, you have narrowed down the cause of the error.
The other reasons are pretty straightforward.
Reference:
PIX 7.2: SYSLOG 302014
No comments:
Post a Comment