https://community.cisco.com/t5/network-security/duplicate-tcp-syn-error-syslog-id-419002/m-p/2126983#M392707 <P>Hi,</P><P></P><P>I support a unit where we have 2 ASA's acting as their firewalls between their internal, DMZ and external network. One ASA is active and one is passive. I have setup alot of access rules for access of devices to servers from internal to DMZ, DMZ to external etc...&nbsp; I have an issue with one webserver.&nbsp; The webserver has a DMZ leg and an external NIC too.&nbsp; </P><P></P><P>Users on the internal network need to get to the DMZ&nbsp; NIC which i have setup and is working fine.&nbsp; There is also an external web URL whcih external users type into to get to the webserver from externally.&nbsp; On the ASA i have added the webservers dmz address and external address as objects.</P><P></P><P>On the access rule for the outside communication is where i have the problem.&nbsp; I have an access rule on the outside interface which is to permit ip from any source to that webserver using its external address.</P><P></P><P>Now when i try and test this by going to the external address URL it does not connect and i get a load of Duplicate TCP SYN attacks which i just cannot resolve and do not understand where these are coming from?</P><P></P><P>I get error "Duplicate TCP SYN from outside xx.xx.xx.xx/21963 to outside xx.xx.xx.xx/80 with different initial sequence number"</P><P></P><P>Looking at the numerous error logs the source IP and source port is always exactly the same.&nbsp; I understand the error normally could mean a spoof but i dont know how this could happen.&nbsp; Also i understand it could be a routing loop somewhere but again i dont know where to look for a routing loop.</P><P></P><P>Any advice on how to troubleshoot would be appreciated.&nbsp; Please Note I have an identical webserbver just with different IPs that seems to be working fine, has the same access rules on the ASA.</P> Tue, 12 Mar 2019 00:47:57 GMT rickysahni 2019-03-12T00:47:57Z https://community.cisco.com/t5/network-security/duplicate-tcp-syn-error-syslog-id-419002/m-p/2126983#M392707 <P>Hi,</P><P></P><P>I support a unit where we have 2 ASA's acting as their firewalls between their internal, DMZ and external network. One ASA is active and one is passive. I have setup alot of access rules for access of devices to servers from internal to DMZ, DMZ to external etc...&nbsp; I have an issue with one webserver.&nbsp; The webserver has a DMZ leg and an external NIC too.&nbsp; </P><P></P><P>Users on the internal network need to get to the DMZ&nbsp; NIC which i have setup and is working fine.&nbsp; There is also an external web URL whcih external users type into to get to the webserver from externally.&nbsp; On the ASA i have added the webservers dmz address and external address as objects.</P><P></P><P>On the access rule for the outside communication is where i have the problem.&nbsp; I have an access rule on the outside interface which is to permit ip from any source to that webserver using its external address.</P><P></P><P>Now when i try and test this by going to the external address URL it does not connect and i get a load of Duplicate TCP SYN attacks which i just cannot resolve and do not understand where these are coming from?</P><P></P><P>I get error "Duplicate TCP SYN from outside xx.xx.xx.xx/21963 to outside xx.xx.xx.xx/80 with different initial sequence number"</P><P></P><P>Looking at the numerous error logs the source IP and source port is always exactly the same.&nbsp; I understand the error normally could mean a spoof but i dont know how this could happen.&nbsp; Also i understand it could be a routing loop somewhere but again i dont know where to look for a routing loop.</P><P></P><P>Any advice on how to troubleshoot would be appreciated.&nbsp; Please Note I have an identical webserbver just with different IPs that seems to be working fine, has the same access rules on the ASA.</P> Tue, 12 Mar 2019 00:47:57 GMT https://community.cisco.com/t5/network-security/duplicate-tcp-syn-error-syslog-id-419002/m-p/2126983#M392707 rickysahni 2019-03-12T00:47:57Z https://community.cisco.com/t5/network-security/duplicate-tcp-syn-error-syslog-id-419002/m-p/2126984#M392708 <HTML><HEAD></HEAD><BODY><P>Hello Ricky,</P><P></P><P>So the ASA NAT;s that server to a specific IP on the inside and also to a public ip address on the outside....</P><P></P><P>Now when you connect from outside you get that error message.. Does that happen with all the connection attempts??</P><P></P><P>Regards</P></BODY></HTML> Wed, 16 Jan 2013 17:49:39 GMT https://community.cisco.com/t5/network-security/duplicate-tcp-syn-error-syslog-id-419002/m-p/2126984#M392708 Julio Carvajal 2013-01-16T17:49:39Z https://community.cisco.com/t5/network-security/duplicate-tcp-syn-error-syslog-id-419002/m-p/2126985#M392711 <HTML><HEAD></HEAD><BODY><P>Hi thanks for your reply.&nbsp; I resolved the issue, was missing the NAT rule for the ASA to NAT the external address to its DMZ address... d'oh!</P><P></P><P>thanks for your help!</P></BODY></HTML> Thu, 17 Jan 2013 11:56:22 GMT https://community.cisco.com/t5/network-security/duplicate-tcp-syn-error-syslog-id-419002/m-p/2126985#M392711 rickysahni 2013-01-17T11:56:22Z https://community.cisco.com/t5/network-security/duplicate-tcp-syn-error-syslog-id-419002/m-p/2126986#M392714 <HTML><HEAD></HEAD><BODY><P>Great to hear that..</P><P></P><P>Please mark the question as answered so future users can learn from this</P><P></P><P>Regards</P></BODY></HTML> Thu, 17 Jan 2013 18:35:38 GMT https://community.cisco.com/t5/network-security/duplicate-tcp-syn-error-syslog-id-419002/m-p/2126986#M392714 Julio Carvajal 2013-01-17T18:35:38Z