- TCP FINs - The remote server tore down the connection (typical for HTTP or FTP connections). Normal close down sequence.
- TCP Reset-I - The client tore down the connection (typical in an SMTP or IMAP exchange). Reset was from the inside (high security).
- TCP Reset-O - The server was not listening on that protocol at that time (usually seen as coming from SMTP servers). Reset was from the outside (low security).
- FIN Timeout - Force termination after 10 minutes awaiting the last ACK or after half-closed timeout
- SYN Timeout - Forced termination after two minutes awaiting three-way handshake completion
- Deny - Terminated by application inspection
- SYN Control - Back channel initiation from wrong side
- Uauth Deny - Denied by URL filter
- Xlate Clear - Command-line removal (when the administrators sends the "clear xlate" command)
- Unknown - None of the indicators above (but yet terminated)
- Conn-timeout - Connection ended because it was idle longer than the configured idle timeout
- Flow closed by inspection - Flow was terminated by inspection feature
- Flow terminated by IPS
- Flow reset by IPS
- Invalid SYN - SYN packet not valid
- Idle Timeout - Connection timed out because it was idle longer than timeout value
- IPS fail-close - Flow was terminated due to IPS card down
- TCP bad retransmission - Connection terminated because of bad TCP retransmission
- TCP FINs -
- TCP Invalid SYN - Invalid TCP SYN packet
- TCP segment partial overlap - Detected a partially overlapping segment
- TCP unexpected window size variation - Connection terminated due to variation in the TCP window size
- Tunnel has been torn down - Flow terminated because tunnel is down
grabbed from http://serverfault.com/questions/514226/newbie-need-help-deciphering-firewall-log-files-cisco-asa-5520 and http://blog.jhe.co/2009/10/asa-teardown-tcp-connection-log-message.html