Guest

Cisco Adaptive Security Appliance (ASA) Software

ASA FAQ: What does the "Free the flow created as result of packet injection" ASA teardown message mean?

Document ID: 116007

Updated: Mar 27, 2013

Contributed by Luis Rojas and Jay Johnston, Cisco TAC Engineers.

   Print

Introduction

This document describes the meaning of this teardown message on the Cisco Adaptive Security Appliance: Free the flow created as result of packet injection.

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Q. What does the "Free the flow created as result of packet injection" ASA teardown message mean?

A. This connection teardown message is created due to the packet-tracer injecting a packet into the ASA data path and deleting the connection immediately when it drops the packet at the egress point.

Here is an example of a connection teardown syslog being generated by an ASA:

Mar 07 2013 13:59:16: %ASA-6-302014: Teardown TCP 
   connection 397336 for outside:10.2.2.2/80 to 
   inside:10.36.103.60/12234 duration 0:00:00 bytes 
   0 Free the flow created as result of packet 
   injection

Here is an example of running the packet tracer feature and checking the local syslog buffer for the teardown reason:

ASA5515-X# packet-tracer input inside tcp 
   10.36.103.60 12234 10.2.2.2 80

Phase: 1
Type: CAPTURE
Subtype: 
Result: ALLOW
Config:
Additional Information:
MAC Access list

Phase: 2
Type: ACCESS-LIST
Subtype: 
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list

Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in   0.0.0.0         0.0.0.0         outside
ASA5515-X# show log | include Free the flow
Mar 07 2013 13:59:16: %ASA-6-302014: Teardown TCP 
   connection 397336 for outside:10.2.2.2/80 to 
   inside:10.36.103.60/12234 duration 0:00:00 bytes 
   0 Free the flow created as result of packet 
   injection
ASA5515-X# 

For more information on this connection teardown message, along with others, refer to Cisco ASA Series Syslog Messages.

For more information about the packet-tracer utility, which is an excellent tool for troubleshooting and verifying the configuration of the ASA, refer to Cisco ASA Series Command Reference.

Related Information

Updated: Mar 27, 2013
Document ID: 116007