cisco防火墙设备告警日志问题

531207502

Inbound TCP connection denied from 10.123.31.131/80 to 22.2.119.1/44713 flags RST ACK  on interface outside

Error Message %ASA-2-106001: Inbound TCP connection denied from IP_address/port toIP_address/port flags tcp_flags on interface interface_name

Explanation An attempt was made to connect to an inside address is denied by the security policy that is defined for the specified traffic type. The IP address displayed is the real IP address instead of the IP address that appears through NAT. Possible tcp_flags values correspond to the flags in the TCP header that were present when the connection was denied. For example, a TCP packet arrived for which no connection state exists in the ASA, and it was dropped. The tcp_flags in this packet are FIN and ACK.

The tcp_flags are as follows:

• ACK—The acknowledgment number was received
• FIN—Data was sent
• PSH—The receiver passed data to the application
• RST—The connection was reset
• SYN—Sequence numbers were synchronized to start a connection
• URG—The urgent pointer was declared valid
  

Recommended Action None required.

上面是思科的翻译，不过有点不懂，请知道的告诉下谢谢

zhurx

Explanation 解释
An attempt was made to connect to an inside address is denied by the security policy that Is defined for the specified traffic type.
这是安全策略拒绝的企图访问内网的一个特殊流量。（从互联网IP 22.2.119.1发起的访问你内部web 服务器 IP是 10.123.31.131）。

The IP address displayed is the real IP address instead of the IP address that appears through NAT.
这个IP 10.123.31.131 是服务器真实的IP。代替了用NAT做的显示的公网IP。

Possible tcp_flags values correspond to the flags in the TCP header that were present when the connection was denied. For example, a TCP packet arrived for which no connection state exists in the ASA, and it was dropped. The tcp_flags in this packet are FIN and ACK.
可能的原因是，当连接已经拒绝的时候，这个数据包 tcp_flags在TCP头部显示了被拒绝的flag值。 举例：一个TPC包到达了，但是ASA没连接状态化存在记录，它就被丢弃了。这个包的TCP_flags标识是 FIN 和ACK。

naixer

www.naixer.com

q466265670

学习