https://community.cisco.com/t5/network-security/many-syn-from-same-source-port/m-p/3923020#M24541 <P>Hello ,</P><P>&nbsp;</P><P>&lt;164&gt;Sep 03 2019 13:43:18: %ASA-4-106023: Deny tcp src Inside: x/3031 dst Outside:x/135 by access-group "Inside_access_in" [0x0, 0x0]</P><P>&nbsp;</P><P>&lt;164&gt;Sep 03 2019 13:43:18: %ASA-4-106023: Deny tcp src Inside: x/3031 dst Outside:x/135 by access-group "Inside_access_in" [0x0, 0x0]</P><P>&lt;164&gt;Sep 03 2019 13:43:17: %ASA-4-106023: Deny tcp src Inside: x/3031 dst Outside:x/135 by access-group "Inside_access_in" [0x0, 0x0]</P><P>&nbsp;</P><P>I get&nbsp; three packets before the source port changes. Could you please help me to know why three packets are being send with the same source port?</P><P>&nbsp;</P> Thu, 12 Sep 2019 06:00:49 GMT UmeshBhambri 2019-09-12T06:00:49Z https://community.cisco.com/t5/network-security/many-syn-from-same-source-port/m-p/3923020#M24541 <P>Hello ,</P><P>&nbsp;</P><P>&lt;164&gt;Sep 03 2019 13:43:18: %ASA-4-106023: Deny tcp src Inside: x/3031 dst Outside:x/135 by access-group "Inside_access_in" [0x0, 0x0]</P><P>&nbsp;</P><P>&lt;164&gt;Sep 03 2019 13:43:18: %ASA-4-106023: Deny tcp src Inside: x/3031 dst Outside:x/135 by access-group "Inside_access_in" [0x0, 0x0]</P><P>&lt;164&gt;Sep 03 2019 13:43:17: %ASA-4-106023: Deny tcp src Inside: x/3031 dst Outside:x/135 by access-group "Inside_access_in" [0x0, 0x0]</P><P>&nbsp;</P><P>I get&nbsp; three packets before the source port changes. Could you please help me to know why three packets are being send with the same source port?</P><P>&nbsp;</P> Thu, 12 Sep 2019 06:00:49 GMT https://community.cisco.com/t5/network-security/many-syn-from-same-source-port/m-p/3923020#M24541 UmeshBhambri 2019-09-12T06:00:49Z https://community.cisco.com/t5/network-security/many-syn-from-same-source-port/m-p/3923068#M24542 <P>looking into the above logs.</P><P>&nbsp;</P><P>the flow of traffic coming in as</P><P>&nbsp;</P><P>&nbsp;</P><P>---------Inside-------------ASA-FW----------Outside</P><P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <SPAN>Inside_access_in</SPAN></P><P>&nbsp;</P><P><SPAN>you have define inside_access_in on inside interface as inbound. now on this access-list you tcp port 3031 is denied. unless you define a rule to allow tcp port 3031. this is your problem.&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN>the problem you see the same packet is because firewall is denied the syn packet coming from server/pc but pc/server again sending it. you also need to check your asp-drop.</SPAN></P><P>&nbsp;</P><P><SPAN>however, best is to allow the rule.</SPAN></P> Thu, 12 Sep 2019 07:37:50 GMT https://community.cisco.com/t5/network-security/many-syn-from-same-source-port/m-p/3923068#M24542 Sheraz.Salim 2019-09-12T07:37:50Z https://community.cisco.com/t5/network-security/many-syn-from-same-source-port/m-p/3924791#M24543 <P>Ok, But still why 3 SYN packets with the same source port ?</P> Mon, 16 Sep 2019 09:43:15 GMT https://community.cisco.com/t5/network-security/many-syn-from-same-source-port/m-p/3924791#M24543 UmeshBhambri 2019-09-16T09:43:15Z https://community.cisco.com/t5/network-security/many-syn-from-same-source-port/m-p/3924822#M24544 <P><SPAN>Ok, But still why 3 SYN packets with the same source port ?</SPAN></P><P>&nbsp;</P><P><SPAN>because the client server/pc is sending a syn to start communicate and sending SYN request as the Firewall is blocking it and drop the request. so the client server/pc have no idea that why its keep sending SYN.&nbsp;</SPAN></P> Mon, 16 Sep 2019 10:47:23 GMT https://community.cisco.com/t5/network-security/many-syn-from-same-source-port/m-p/3924822#M24544 Sheraz.Salim 2019-09-16T10:47:23Z