https://community.cisco.com/t5/network-security/asa-syn-timeout/m-p/1684524#M556694 <HTML><HEAD></HEAD><BODY><P>Ramkumar,</P><P></P><P>There are a lot of generalities in your post. Usually it is best to include specifics to get an accurate response. Otherwise, we're all just guessing. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>Packet captures run on each interface of the ASA will tell you if the ASA is receiving the SYN and if it is being forwarded. It will also tell you if a SYN/ACK is being received in response. I would suggest running simultaneous captures on both the inside and outside interfaces to see if the ASA is dropping your SYN or if the problem is elsewhere. If the ASA is dropping the packets, look at your syslogs at informational or debugging level to determine why. </P><P></P><P><A href="https://community.cisco.com/docs/DOC-1222">Packet capture help.</A></P><P></P><P>I hope this helps.</P><P></P><P>Thanks,</P><P>Brendan</P></BODY></HTML> Wed, 04 May 2011 15:59:25 GMT brquinn 2011-05-04T15:59:25Z https://community.cisco.com/t5/network-security/asa-syn-timeout/m-p/1684523#M556693 <P>Hi,</P><P></P><P>I am facing - SYN timeout issue while accessing an URL via ASA.</P><P></P><P>My network setup,</P><P></P><P>We have MPLS and VPN (with local breakout), my intranet traffic goes via MPLS and internet traffic goes via ASA. When MPLS fails intranet and internet is traffic routed via VPN. When VPN fails both intranet and internet is routed via MPLS. I have standard ACL's in place, implicit deny at the end. While accessing a particular URL, iam getting syn timeout. but its working in other sites with similar setup(used tracking).</P><P></P><P>Some of my analysis,</P><P></P><P>Added a sepererate ACL for permitting any any IP and applied to the inside interface, but still the same issue</P><P></P><P>Can anyone help !</P> Mon, 11 Mar 2019 20:28:16 GMT https://community.cisco.com/t5/network-security/asa-syn-timeout/m-p/1684523#M556693 Ramkumar P 2019-03-11T20:28:16Z https://community.cisco.com/t5/network-security/asa-syn-timeout/m-p/1684524#M556694 <HTML><HEAD></HEAD><BODY><P>Ramkumar,</P><P></P><P>There are a lot of generalities in your post. Usually it is best to include specifics to get an accurate response. Otherwise, we're all just guessing. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>Packet captures run on each interface of the ASA will tell you if the ASA is receiving the SYN and if it is being forwarded. It will also tell you if a SYN/ACK is being received in response. I would suggest running simultaneous captures on both the inside and outside interfaces to see if the ASA is dropping your SYN or if the problem is elsewhere. If the ASA is dropping the packets, look at your syslogs at informational or debugging level to determine why. </P><P></P><P><A href="https://community.cisco.com/docs/DOC-1222">Packet capture help.</A></P><P></P><P>I hope this helps.</P><P></P><P>Thanks,</P><P>Brendan</P></BODY></HTML> Wed, 04 May 2011 15:59:25 GMT https://community.cisco.com/t5/network-security/asa-syn-timeout/m-p/1684524#M556694 brquinn 2011-05-04T15:59:25Z