ASA FAQ: What does the "Free the flow created as result of packet injection" ASA teardown message mean?

Available Languages

Updated:March 27, 2013
Document ID:116007

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document describes the meaning of this teardown message on the Cisco Adaptive Security Appliance: Free the flow created as result of packet injection.

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Q. What does the "Free the flow created as result of packet injection" ASA teardown message mean?

A. This connection teardown message is created due to the packet-tracer injecting a packet into the ASA data path and deleting the connection immediately when it drops the packet at the egress point.

Here is an example of a connection teardown syslog being generated by an ASA:

Mar 07 2013 13:59:16: %ASA-6-302014: Teardown TCP 
   connection 397336 for outside:10.2.2.2/80 to 
   inside:10.36.103.60/12234 duration 0:00:00 bytes 
   0 Free the flow created as result of packet 
   injection

Here is an example of running the packet tracer feature and checking the local syslog buffer for the teardown reason:

ASA5515-X# packet-tracer input inside tcp 
   10.36.103.60 12234 10.2.2.2 80

Phase: 1
Type: CAPTURE
Subtype: 
Result: ALLOW
Config:
Additional Information:
MAC Access list

Phase: 2
Type: ACCESS-LIST
Subtype: 
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list

Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in   0.0.0.0         0.0.0.0         outside
ASA5515-X# show log | include Free the flow
Mar 07 2013 13:59:16: %ASA-6-302014: Teardown TCP 
   connection 397336 for outside:10.2.2.2/80 to 
   inside:10.36.103.60/12234 duration 0:00:00 bytes 
   0 Free the flow created as result of packet 
   injection
ASA5515-X#

For more information on this connection teardown message, along with others, refer to Cisco ASA Series Syslog Messages.

For more information about the packet-tracer utility, which is an excellent tool for troubleshooting and verifying the configuration of the ASA, refer to Cisco ASA Series Command Reference.

Related Information

Revision History

Revision Publish Date Comments
1.0
27-Mar-2013
Initial Release
TAC Authored

Contributed by Cisco Engineers

  • Luis Rojas and Jay Johnston
    Cisco TAC Engineers.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products