https://community.cisco.com/t5/network-security/duplicate-tcp-syn-from-int-x-x-x-x/m-p/1902639#M458114 <HTML><HEAD></HEAD><BODY><P>Hello Fadi,</P><P></P><P>The question here is why is the host sending incorrect tcp packets ( SYN packest) In this case you will need to work on the host first and see why is doing that. BUT if you want to solve this on the easiest and non-secure way you will need to configure a TCP state bypass rule so the ASA will no longer statefully inspect the TCP connections:</P><P></P><P>access-list test permit tcp host ip_host_behind_asa host outside_server </P><P></P><P>class-map test</P><P>match access-list test</P><P></P><P>policy-map global_policy</P><P>class test</P><P>set connection advanced-options tcp-state-bypass</P><P></P><P>Do rate all the helpful posts!!</P></BODY></HTML> Fri, 16 Mar 2012 01:07:08 GMT Julio Carvajal 2012-03-16T01:07:08Z https://community.cisco.com/t5/network-security/duplicate-tcp-syn-from-int-x-x-x-x/m-p/1902638#M458113 <P>Hiii guys,</P><P></P><P> do anybody can assist me in to fix the issue of the log i'm getting on my ASA firewall</P><P></P><P>:Duplicate TCP SYN from INT: (MY IP behind ASA) to Outside: (the remote server outside ASA) with differenet initial sequence number</P><P></P><P>i don't know why this comes even i can see the traffic is reaching the remote server??</P><P></P><P>please your urgent support is needed</P><P></P><P>thank you</P><P></P><P>Fadi</P> Mon, 11 Mar 2019 22:42:29 GMT https://community.cisco.com/t5/network-security/duplicate-tcp-syn-from-int-x-x-x-x/m-p/1902638#M458113 fadimabrouk 2019-03-11T22:42:29Z https://community.cisco.com/t5/network-security/duplicate-tcp-syn-from-int-x-x-x-x/m-p/1902639#M458114 <HTML><HEAD></HEAD><BODY><P>Hello Fadi,</P><P></P><P>The question here is why is the host sending incorrect tcp packets ( SYN packest) In this case you will need to work on the host first and see why is doing that. BUT if you want to solve this on the easiest and non-secure way you will need to configure a TCP state bypass rule so the ASA will no longer statefully inspect the TCP connections:</P><P></P><P>access-list test permit tcp host ip_host_behind_asa host outside_server </P><P></P><P>class-map test</P><P>match access-list test</P><P></P><P>policy-map global_policy</P><P>class test</P><P>set connection advanced-options tcp-state-bypass</P><P></P><P>Do rate all the helpful posts!!</P></BODY></HTML> Fri, 16 Mar 2012 01:07:08 GMT https://community.cisco.com/t5/network-security/duplicate-tcp-syn-from-int-x-x-x-x/m-p/1902639#M458114 Julio Carvajal 2012-03-16T01:07:08Z https://community.cisco.com/t5/network-security/duplicate-tcp-syn-from-int-x-x-x-x/m-p/1902640#M458115 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>sounds to be a soultion, not secure but i will test it. </P><P></P><P>Thanx </P></BODY></HTML> Sun, 18 Mar 2012 10:21:38 GMT https://community.cisco.com/t5/network-security/duplicate-tcp-syn-from-int-x-x-x-x/m-p/1902640#M458115 fadimabrouk 2012-03-18T10:21:38Z https://community.cisco.com/t5/network-security/duplicate-tcp-syn-from-int-x-x-x-x/m-p/1902641#M458116 <HTML><HEAD></HEAD><BODY><P>it's working fine now <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P></BODY></HTML> Thu, 05 Apr 2012 06:03:03 GMT https://community.cisco.com/t5/network-security/duplicate-tcp-syn-from-int-x-x-x-x/m-p/1902641#M458116 fadimabrouk 2012-04-05T06:03:03Z