03-15-2012 06:00 AM - edited 03-11-2019 03:42 PM
Hiii guys,
do anybody can assist me in to fix the issue of the log i'm getting on my ASA firewall
:Duplicate TCP SYN from INT: (MY IP behind ASA) to Outside: (the remote server outside ASA) with differenet initial sequence number
i don't know why this comes even i can see the traffic is reaching the remote server??
please your urgent support is needed
thank you
Fadi
03-15-2012 06:07 PM
Hello Fadi,
The question here is why is the host sending incorrect tcp packets ( SYN packest) In this case you will need to work on the host first and see why is doing that. BUT if you want to solve this on the easiest and non-secure way you will need to configure a TCP state bypass rule so the ASA will no longer statefully inspect the TCP connections:
access-list test permit tcp host ip_host_behind_asa host outside_server
class-map test
match access-list test
policy-map global_policy
class test
set connection advanced-options tcp-state-bypass
Do rate all the helpful posts!!
03-18-2012 03:21 AM
Hello,
sounds to be a soultion, not secure but i will test it.
Thanx
04-04-2012 11:03 PM
it's working fine now :-)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide