Beginner

Many SYN from same source port.

Hello ,

 

<164>Sep 03 2019 13:43:18: %ASA-4-106023: Deny tcp src Inside: x/3031 dst Outside:x/135 by access-group "Inside_access_in" [0x0, 0x0]

 

<164>Sep 03 2019 13:43:18: %ASA-4-106023: Deny tcp src Inside: x/3031 dst Outside:x/135 by access-group "Inside_access_in" [0x0, 0x0]

<164>Sep 03 2019 13:43:17: %ASA-4-106023: Deny tcp src Inside: x/3031 dst Outside:x/135 by access-group "Inside_access_in" [0x0, 0x0]

 

I get three packets before the source port changes. Could you please help me to know why three packets are being sent with the same source port?

 

3 REPLIES 3
Rising star

Re: Many SYN from same source port.

Looking into the above logs.

 

The flow of traffic is coming in as:

 

 

---------Inside-------------ASA-FW----------Outside

                      Inside_access_in

 

You have defined inside_access_in on the inside interface as inbound. Now on this access-list your TCP port 3031 is denied, unless you define a rule to allow TCP port 3031. This is your problem.

 

The reason you see the same packet is that the firewall is denying the SYN packet coming from the server/PC, but the PC/server is sending it again. You also need to check your asp-drop.

 

However, the best option is to allow the rule.

please do not forget to rate.
Beginner

Re: Many SYN from same source port.

OK, but still, why 3 SYN packets with the same source port?

Rising star

Re: Many SYN from same source port.

OK, but still, why 3 SYN packets with the same source port?

 

Because the client server/PC is sending a SYN to start communicating, and sending the SYN request as the firewall is blocking it and dropping the request. So the client server/PC has no idea; that is why it keeps sending SYN.

please do not forget to rate.
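The pattern discussed in this thread, as an added example that is not part of the original posts: grouping 106023 deny lines by 5-tuple separates repeats of one connection attempt (identical source port) from new attempts (a new source port toward the same destination). The sample log lines and addresses are constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in the 106023 format quoted in the thread; the addresses
# are documentation-range placeholders, not values from the original post.
SAMPLE_LOG = """\
<164>Sep 03 2019 13:43:18: %ASA-4-106023: Deny tcp src Inside:192.0.2.10/3031 dst Outside:198.51.100.7/135 by access-group "Inside_access_in" [0x0, 0x0]
<164>Sep 03 2019 13:43:18: %ASA-4-106023: Deny tcp src Inside:192.0.2.10/3031 dst Outside:198.51.100.7/135 by access-group "Inside_access_in" [0x0, 0x0]
<164>Sep 03 2019 13:43:17: %ASA-4-106023: Deny tcp src Inside:192.0.2.10/3031 dst Outside:198.51.100.7/135 by access-group "Inside_access_in" [0x0, 0x0]
<164>Sep 03 2019 13:43:39: %ASA-4-106023: Deny tcp src Inside:192.0.2.10/3032 dst Outside:198.51.100.7/135 by access-group "Inside_access_in" [0x0, 0x0]
<164>Sep 03 2019 13:43:38: %ASA-4-106023: Deny tcp src Inside:192.0.2.10/3032 dst Outside:198.51.100.7/135 by access-group "Inside_access_in" [0x0, 0x0]
"""

LINE_RE = re.compile(
    r'^(?:<\d+>)?(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}): %ASA-4-106023: '
    r'Deny (?P<proto>\w+) src (?P<sif>[^:\s]+):\s*(?P<src>[^/\s]+)/(?P<sport>\d+) '
    r'dst (?P<dif>[^:\s]+):\s*(?P<dst>[^/\s]+)/(?P<dport>\d+) by access-group'
)

def parse(lines):
    """Yield (timestamp, 5-tuple) for every 106023 deny line; skip other lines."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
            yield ts, (m["proto"], m["src"], int(m["sport"]), m["dst"], int(m["dport"]))

def summarize(lines):
    """Group denies by 5-tuple; repeats of one tuple are the same attempt resent."""
    flows = {}
    for ts, flow in sorted(parse(lines), key=lambda r: r[0]):  # logs may be newest-first
        rec = flows.setdefault(flow, {"count": 0, "first": ts, "last": ts})
        rec["count"] += 1
        rec["last"] = ts
    return flows

def attempts_per_target(flows):
    """Per (src, dst, dport): distinct source ports (attempts) and total denied packets."""
    targets = {}
    for (_proto, src, _sport, dst, dport), rec in flows.items():
        t = targets.setdefault((src, dst, dport), {"attempts": 0, "packets": 0})
        t["attempts"] += 1
        t["packets"] += rec["count"]
    return targets

if __name__ == "__main__":
    for target, stats in attempts_per_target(summarize(SAMPLE_LOG.splitlines())).items():
        print(target, stats)
```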