https://community.cisco.com/t5/network-security/asa-5520-asa-4-419002-duplicate-tcp-syn/m-p/952775#M940968 <P>Hello,</P><P>I have a problem, the connection between hosts on my network is not possible. I becam this Error.</P><P></P><P> %ASA-4-419002: Duplicate TCP SYN OUTSIDE:10.10.66.2/1507 to INSIDE:10.10.1.6/1507 with different initial sequence number.</P><P></P><P>The network behind the ASA's OUTSIDE interface is completely under my </P><P>control, with the ASA being the only gateway, so I'm reasonably sure </P><P>there's no source IP address spoofing going on. </P><P></P><P>what cann i do, to resolve this problem?</P><P></P><P>thank,</P><P></P><P>Marie</P><P></P><P></P> Mon, 11 Mar 2019 12:17:32 GMT marie-pongou 2019-03-11T12:17:32Z https://community.cisco.com/t5/network-security/asa-5520-asa-4-419002-duplicate-tcp-syn/m-p/952775#M940968 <P>Hello,</P><P>I have a problem, the connection between hosts on my network is not possible. I becam this Error.</P><P></P><P> %ASA-4-419002: Duplicate TCP SYN OUTSIDE:10.10.66.2/1507 to INSIDE:10.10.1.6/1507 with different initial sequence number.</P><P></P><P>The network behind the ASA's OUTSIDE interface is completely under my </P><P>control, with the ASA being the only gateway, so I'm reasonably sure </P><P>there's no source IP address spoofing going on. </P><P></P><P>what cann i do, to resolve this problem?</P><P></P><P>thank,</P><P></P><P>Marie</P><P></P><P></P> Mon, 11 Mar 2019 12:17:32 GMT https://community.cisco.com/t5/network-security/asa-5520-asa-4-419002-duplicate-tcp-syn/m-p/952775#M940968 marie-pongou 2019-03-11T12:17:32Z https://community.cisco.com/t5/network-security/asa-5520-asa-4-419002-duplicate-tcp-syn/m-p/952776#M940970 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>It is possible to stop the Spoofing-Feature on the ASA?</P><P></P><P>thanks,</P><P></P><P>Marie</P></BODY></HTML> Wed, 19 Mar 2008 07:07:07 GMT https://community.cisco.com/t5/network-security/asa-5520-asa-4-419002-duplicate-tcp-syn/m-p/952776#M940970 marie-pongou 2008-03-19T07:07:07Z https://community.cisco.com/t5/network-security/asa-5520-asa-4-419002-duplicate-tcp-syn/m-p/952777#M940973 <HTML><HEAD></HEAD><BODY><P><SPAN class="medium_text" id="result_box"><SPAN style="font-size: 12pt; background-color: #fff; ">I had a problem exactly the same. <BR /><BR /></SPAN><SPAN style="font-size: 12pt; background-color: #fff; ">After hours of attempts, solved the problem by adding an ACL on the outside interface. <BR /><BR /></SPAN><SPAN style="font-size: 12pt;"><SPAN onmouseout="" onmouseover="" style="background-color: #fff;" title="POr incrivel que pareça, funcionou para mim.">Strangely enough, it worked for me. <BR /><BR /></SPAN><SPAN onmouseout="" onmouseover="" title="Boa sorte">Good luck</SPAN></SPAN></SPAN></P></BODY></HTML> Wed, 21 Jul 2010 18:28:14 GMT https://community.cisco.com/t5/network-security/asa-5520-asa-4-419002-duplicate-tcp-syn/m-p/952777#M940973 iprojetos 2010-07-21T18:28:14Z https://community.cisco.com/t5/network-security/asa-5520-asa-4-419002-duplicate-tcp-syn/m-p/952778#M940974 <HTML><HEAD></HEAD><BODY><P></P><DIV><P>If what you say is true, that this connection is not possible, I.E. your topology should not allow for this, then you need to look into some sort of routing error, perhaps you have a loop somewhere?</P><P></P><P>The ASA is just reacting to what traffic is receiving, so it must have received this syn on another interface and somehow the packet was also sent outside and received there as well.</P><P></P><P>The reason that denying with an access-list will work is that the packet will hit the access-list and drop before it can be checked to see if it is a duplicate syn.</P></DIV><P></P></BODY></HTML> Wed, 21 Jul 2010 18:50:40 GMT https://community.cisco.com/t5/network-security/asa-5520-asa-4-419002-duplicate-tcp-syn/m-p/952778#M940974 August Ritchie 2010-07-21T18:50:40Z