https://community.cisco.com/t5/network-security/tcp-syn-timeout-on-asa/m-p/2332077#M344933 <HTML><HEAD></HEAD><BODY><P>Hi Mahesh,</P><P></P><P>If we see "Built outbound TCP connection...." log message on the firewall that means the connection has gone through the firewall.</P><P></P><P>The "Teardown TCP connection..." log message in this case indicates that the connection timed out because the remote end (server) didnt reply to the attempt of the user to form the TCP HTTP connection.</P><P></P><P>The log messages you posted by the way arent messages from a same connection. You can look at the connection number (or even the source port) and see that they are messages for a different connection.</P><P></P><P>I would have to say that the most common reason is that there is some routing problem, software firewall or problem with the actual service on the server.</P><P></P><P>But you say that the server can be accessed from other hosts? Are these hosts from the same network as the user 192.168.50.12?</P><P></P><P>I am afraid it will be hard to say anything specific about this without seeing the configuration.</P><P></P><P>- Jouni</P></BODY></HTML> Thu, 08 Aug 2013 19:37:03 GMT Jouni Forss 2013-08-08T19:37:03Z https://community.cisco.com/t5/network-security/tcp-syn-timeout-on-asa/m-p/2332076#M344930 <P>Hi Everyone,</P><P></P><P>On ASA&nbsp; i allowed Rule to access server on port http.</P><P></P><P>access-list Net_PC_access_in line 50 extended permit tcp host 192.168.50.12 host 192.168.55.188 eq http</P><P></P><P>After allowing this rule i can see hit counts on the rule but user is still unable to access the server via http.</P><P></P><P>Logs from ASA</P><P></P><P>Built outbound TCP connection 354050568 for Net:192.168.55.188/80 (192.168.55.188/80) to Net_PC_access_in:192.168.50.12/57524 (192.168.50.12/57524)</P><P>Teardown TCP connection 354050427 for Net:192.168.55.188/80 to Net_PC_access_in:192.168.50.12/57522 duration 0:00:30 bytes 0 SYN Timeout</P><P></P><P>where 192.168.55.188&nbsp; is server&nbsp; ip</P><P>192.168.50.12 is user PC.</P><P></P><P>I check routing on ASA&nbsp; it has Route to PC&nbsp; from interface where server is connected,</P><P></P><P>What should i check next?</P><P></P><P>Same server i can access from another subnet.</P><P></P><P>Regards</P><P></P><P>Mahesh</P> Tue, 12 Mar 2019 02:23:51 GMT https://community.cisco.com/t5/network-security/tcp-syn-timeout-on-asa/m-p/2332076#M344930 mahesh18 2019-03-12T02:23:51Z https://community.cisco.com/t5/network-security/tcp-syn-timeout-on-asa/m-p/2332077#M344933 <HTML><HEAD></HEAD><BODY><P>Hi Mahesh,</P><P></P><P>If we see "Built outbound TCP connection...." log message on the firewall that means the connection has gone through the firewall.</P><P></P><P>The "Teardown TCP connection..." log message in this case indicates that the connection timed out because the remote end (server) didnt reply to the attempt of the user to form the TCP HTTP connection.</P><P></P><P>The log messages you posted by the way arent messages from a same connection. You can look at the connection number (or even the source port) and see that they are messages for a different connection.</P><P></P><P>I would have to say that the most common reason is that there is some routing problem, software firewall or problem with the actual service on the server.</P><P></P><P>But you say that the server can be accessed from other hosts? Are these hosts from the same network as the user 192.168.50.12?</P><P></P><P>I am afraid it will be hard to say anything specific about this without seeing the configuration.</P><P></P><P>- Jouni</P></BODY></HTML> Thu, 08 Aug 2013 19:37:03 GMT https://community.cisco.com/t5/network-security/tcp-syn-timeout-on-asa/m-p/2332077#M344933 Jouni Forss 2013-08-08T19:37:03Z https://community.cisco.com/t5/network-security/tcp-syn-timeout-on-asa/m-p/5325720#M1122461 <P>Something else to consider is there might be multiple paths to this server. Does the server have multiple NICs? Are those NICs on the same network or different networks? Different VLANs? I've run into instances where a linux server had old DNS and IPs saved in the nmcli. This also causes SYN timeouts. Something worth investigating.</P> Fri, 29 Aug 2025 19:41:13 GMT https://community.cisco.com/t5/network-security/tcp-syn-timeout-on-asa/m-p/5325720#M1122461 superation237 2025-08-29T19:41:13Z