https://community.cisco.com/t5/network-security/need-help-with-syn-timoeout-message/m-p/940370#M919374 <P>hi all, </P><P>Im trying to establish a connection from a server sitting behind a dmz interface to a linux box on port 4573 (sitting behind the inside interface) the connection is establish and the access list is allowing the packet through but i then get this message:</P><P>"Teardown TCP connection 606 for dmz xx.xx.xx.xx/37595 to inside xx.xx.xx.xx/4573 duration 0:00:30 bytes 0 SYN Timeout"</P><P></P><P>Any ideas why this might be happening?</P><P>Regards</P><P></P> Mon, 11 Mar 2019 12:51:24 GMT SOL10 2019-03-11T12:51:24Z https://community.cisco.com/t5/network-security/need-help-with-syn-timoeout-message/m-p/940370#M919374 <P>hi all, </P><P>Im trying to establish a connection from a server sitting behind a dmz interface to a linux box on port 4573 (sitting behind the inside interface) the connection is establish and the access list is allowing the packet through but i then get this message:</P><P>"Teardown TCP connection 606 for dmz xx.xx.xx.xx/37595 to inside xx.xx.xx.xx/4573 duration 0:00:30 bytes 0 SYN Timeout"</P><P></P><P>Any ideas why this might be happening?</P><P>Regards</P><P></P> Mon, 11 Mar 2019 12:51:24 GMT https://community.cisco.com/t5/network-security/need-help-with-syn-timoeout-message/m-p/940370#M919374 SOL10 2019-03-11T12:51:24Z https://community.cisco.com/t5/network-security/need-help-with-syn-timoeout-message/m-p/940371#M919375 <HTML><HEAD></HEAD><BODY><P>This means that the client was unable to establish a three-way handshake (SYN, SYN-ACK and so on) to the server.</P><P></P><P>I would check the following:</P><P></P><P>1) Try opening/testing the application from the LAN behind the ASA first, if this is working proceed to the next step.</P><P>2) On the internal client that was used for testing in Step (1) check if the service is establishing a connection on the same TCP flow as the one initiated by the client, and there is no dynamic behaviour like in some protocols like FTP, X-Windows etc. This can be done by observing the netstat output using the built-in netstat utility or some third-party package like TcpView.</P><P>3) Try troubleshooting with the packet-tracer command on your ASA box</P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Thu, 29 May 2008 06:29:11 GMT https://community.cisco.com/t5/network-security/need-help-with-syn-timoeout-message/m-p/940371#M919375 Farrukh Haroon 2008-05-29T06:29:11Z https://community.cisco.com/t5/network-security/need-help-with-syn-timoeout-message/m-p/940372#M919376 <HTML><HEAD></HEAD><BODY><P>Salaams Farrukh</P><P></P><P>Thanks for your response. The problem was that the traffic was going through the default gateway of the server concerned(which was the inside intf or another asa) when it should it have been going throuhg the inside intf of the asa to which the remote server is connected (off the dmz). I hope this makes sense as we have a very peculiar setup.</P><P></P><P>Sol</P></BODY></HTML> Thu, 29 May 2008 07:20:29 GMT https://community.cisco.com/t5/network-security/need-help-with-syn-timoeout-message/m-p/940372#M919376 SOL10 2008-05-29T07:20:29Z https://community.cisco.com/t5/network-security/need-help-with-syn-timoeout-message/m-p/940373#M919377 <HTML><HEAD></HEAD><BODY><P>Wasalam</P><P></P><P>Great to see you have it working now <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Thu, 29 May 2008 07:23:17 GMT https://community.cisco.com/t5/network-security/need-help-with-syn-timoeout-message/m-p/940373#M919377 Farrukh Haroon 2008-05-29T07:23:17Z