I've checked a large amount of the error messages given below on the ASA.
I know that some people tune error messages like 106015 to not log, for performance on the device, and Cisco has no recommendation about this either, but I'm not sure whether it's alright or not, because it generates nearly 8,000,000 counts per day and takes up almost 95% of total messages.
Is there anyone who can solve this problem?
* Most packets are on port 80 (HTTP) with FIN, ACK flags.
* The device model is ASA-5585X and the version is 9.1.
* The network diagram is as below (all L4 run FLB).
[network]
GW1 GW2
| |
L4 -------L4
| |
ASA ASA
| |
L4 -------L4
[error messages]
Sep 2 00:27:45 %ASA-4-106015: Deny TCP (no connection) from flags FIN ACK on interface outside
Sep 2 00:27:45 %ASA-4-106015: Deny TCP (no connection) from flags FIN PSH ACK on interface outside
Sep 2 00:27:48 %ASA-4-106015: Deny TCP (no connection) from flags FIN PSH ACK on interface outside
Sep 2 00:27:52 %ASA-4-106015: Deny TCP (no connection) from flags FIN PSH ACK on interface outside
Sep 2 00:27:59 %ASA-4-106015: Deny TCP (no connection) from flags FIN PSH ACK on interface outside
Sep 2 00:28:14 %ASA-4-106015: Deny TCP (no connection) from flags FIN PSH ACK on interface outside
Sep 2 00:28:44 %ASA-4-106015: Deny TCP (no connection) from flags FIN PSH ACK on interface outside
Best Answer
Those are not errors. You are logging access attempts that are being denied, per the device configuration.
Log them if you need to know about unauthorized access attempts.
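Before deciding whether to rate-limit or suppress message 106015, it helps to measure what share of the syslog feed it really is and which flags and source ports dominate. The following is an added triage script, not part of the original question or answer; the log lines in it are constructed to mirror the quoted 106015 output (the addresses and ports are made up), and the regex also accepts the truncated form shown in the question, where the "from src/port to dst/port" part is missing.

```python
import re
from collections import Counter

# Constructed sample syslog lines modelled on the ASA 106015 output quoted in
# the question. Real 106015 lines carry "from src/port to dst/port" between
# "(no connection)" and "flags"; the last 106015 line below is the truncated
# form exactly as it appears in the question. Addresses/ports are made up.
SAMPLE_LOG = """\
Sep 2 00:27:45 %ASA-4-106015: Deny TCP (no connection) from 203.0.113.10/80 to 198.51.100.7/51514 flags FIN ACK on interface outside
Sep 2 00:27:45 %ASA-4-106015: Deny TCP (no connection) from 203.0.113.10/80 to 198.51.100.7/51515 flags FIN PSH ACK on interface outside
Sep 2 00:27:46 %ASA-6-302013: Built inbound TCP connection 12345 for outside:198.51.100.7/51516 (198.51.100.7/51516) to inside:10.0.0.5/80 (10.0.0.5/80)
Sep 2 00:27:48 %ASA-4-106015: Deny TCP (no connection) from 203.0.113.10/443 to 198.51.100.8/40001 flags FIN PSH ACK on interface outside
Sep 2 00:27:52 %ASA-4-106015: Deny TCP (no connection) from 203.0.113.11/80 to 198.51.100.7/51517 flags SYN ACK on interface outside
Sep 2 00:27:59 %ASA-6-302014: Teardown TCP connection 12345 for outside:198.51.100.7/51516 to inside:10.0.0.5/80 duration 0:00:13 bytes 4821 TCP FINs
Sep 2 00:28:14 %ASA-4-106015: Deny TCP (no connection) from flags FIN PSH ACK on interface outside
"""

# Any ASA syslog line: %ASA-<severity>-<6-digit message id>:
MSG_ID = re.compile(r"%ASA-(?P<sev>\d)-(?P<id>\d{6}):")
# 106015 lines; the address/port part is optional so truncated lines still match.
DENY_106015 = re.compile(
    r"%ASA-4-106015: Deny TCP \(no connection\) from "
    r"(?:(?P<src>\S+)/(?P<sport>\d+) to (?P<dst>\S+)/(?P<dport>\d+) )?"
    r"flags (?P<flags>[A-Z ]+?) on interface (?P<iface>\S+)"
)


def summarize(log_text):
    """Return (total_asa_lines, count_106015, share, by_flags, by_sport)."""
    total = 0
    hits = 0
    by_flags = Counter()
    by_sport = Counter()
    for line in log_text.splitlines():
        if not MSG_ID.search(line):
            continue  # not an ASA syslog line
        total += 1
        m = DENY_106015.search(line)
        if not m:
            continue
        hits += 1
        by_flags[m.group("flags")] += 1
        # Source port shows which service the stray segments belong to
        # (port 80 in the question); None when the address part is missing.
        by_sport[m.group("sport")] += 1
    share = hits / total if total else 0.0
    return total, hits, share, by_flags, by_sport
```

Run over a day's export, the flag and port breakdown shows whether the volume is almost entirely FIN/ACK tails of already torn-down connections (the ASA has no connection entry for them) or includes other flag combinations worth keeping; that supports choosing the ASA `logging rate-limit` for message 106015 over silencing it, since, as the answer notes, these are denied access attempts rather than errors.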