Hi Shawn,

Although I have never come across a doc that specifically states these details, from experience the Reset-O is logged when a TCP reset is received on the lower security level interface classed as outside, and Reset-I is logged when received on the higher level interface (inside).

Now what happens when the two interfaces are the same security level, with permit inter-interface enabled, is the interesting one and unfortunately one I'm not 100% sure on :)

Stu

On Tue, Jan 19, 2010 at 10:44 PM, Shawn Mesiatowsky <[email protected]> wrote:
> I am having trouble figuring out where the reset bit is sent from
>
> %ASA-6-302014: Teardown TCP connection 498766 for public:1.1.1.1/2742 to
> private:2.2.2.2/4615 duration 0:00:23 bytes 58142 TCP Reset-O
>
> The Cisco docs say reset-o means it is from the outside. So is this in
> reference to the security levels (where the outside is the lower
> security level, being private, and inside is the higher being private)?
> or the direction of traffic (where the connection was initiated, so the
> inside would be public as the connection was initiated from the public
> network, and the outside is private as it is the destination of the
> connection)? Thanks for your help
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>

--
Regards,
Stuart Hare
CCIE #25616 (Security), CCSP, Microsoft MCP
Sr. Support Engineer – IPexpert, Inc.
URL: http://www.IPexpert.com
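Added example, not part of the original thread or of Cisco's documentation: Python that parses %ASA-6-302014 teardown lines like the one quoted above and counts Reset-I/Reset-O per interface pair, so the reason can be compared against the configured security levels. The LEVELS values and every sample line except the first are constructed, and side_by_level only encodes the rule of thumb given in the reply (Reset-O = lower security level interface), which the thread does not confirm.

```python
import re
from collections import Counter

# %ASA-6-302014: connection id, two interface:address/port endpoints,
# duration, byte count, then the teardown reason (e.g. "TCP Reset-O").
TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (?P<conn>\d+) for "
    r"(?P<if_a>[^:\s]+):(?P<ip_a>[^/\s]+)/(?P<port_a>\d+) to "
    r"(?P<if_b>[^:\s]+):(?P<ip_b>[^/\s]+)/(?P<port_b>\d+) "
    r"duration (?P<duration>\d+:\d\d:\d\d) bytes (?P<bytes>\d+)"
    r"(?: (?P<reason>.+?))?\s*$")
RESETS = ("TCP Reset-I", "TCP Reset-O")

def parse_teardown(line):
    """Return the fields of a 302014 line as a dict, or None if it is not one."""
    m = TEARDOWN.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = int(rec["bytes"])
    rec["reason"] = (rec["reason"] or "").strip()
    return rec

def reset_counts(lines):
    """Count reset teardowns per (first interface, second interface, reason)."""
    counts = Counter()
    for line in lines:
        rec = parse_teardown(line)
        if rec and rec["reason"] in RESETS:
            counts[(rec["if_a"], rec["if_b"], rec["reason"])] += 1
    return counts

def side_by_level(rec, levels):
    """Interface implied by the reply's rule of thumb (an assumption, not a
    documented fact); None when levels are equal or unknown, or no reset."""
    a, b = rec["if_a"], rec["if_b"]
    la, lb = levels.get(a), levels.get(b)
    if rec["reason"] not in RESETS or None in (la, lb) or la == lb:
        return None
    low, high = (a, b) if la < lb else (b, a)
    return low if rec["reason"] == "TCP Reset-O" else high

LEVELS = {"public": 0, "private": 100}  # constructed security levels
SAMPLE = [  # first line is from the thread; the rest are constructed
    "%ASA-6-302014: Teardown TCP connection 498766 for public:1.1.1.1/2742 to private:2.2.2.2/4615 duration 0:00:23 bytes 58142 TCP Reset-O",
    "%ASA-6-302014: Teardown TCP connection 498767 for public:1.1.1.1/2743 to private:2.2.2.2/4615 duration 0:00:05 bytes 912 TCP Reset-I",
    "%ASA-6-302014: Teardown TCP connection 498768 for public:1.1.1.1/2744 to private:2.2.2.2/4615 duration 0:00:02 bytes 120 TCP FINs",
    "%ASA-6-302013: Built inbound TCP connection 498769 (constructed, not a teardown)",
]
```

Running reset_counts over a day of logs and comparing the pairs against the real security levels shows whether the rule of thumb holds on a given firewall, including the equal-level case the reply leaves open.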
