
After upgrade to 8.0.4 receiving deny TCP (no connection) on SYN-ACKs

rda123spsa
Level 1

Hi,

Just upgraded my firewall to Ver 8.0.4 and now have a connectivity issue with a service that used to work fine on Ver 7.1.

I think it seems to be due to the TCP handshake SYN - SYN ACK - ACK not being in order.

Basically the service makes an outbound call using TCP 5000 on an ISDN line. The call brings up the ISDN. When sniffing what's going on I can see the initial SYN packet sent out twice and then an ACK response to the 2nd SYN from the far end device. The ACK packet comes before a SYN-ACK to the original request which is then blocked by the firewall.

Thought it might be due to TCP normalisation but not sure what command, as I said everything worked fine on Ver 7.1?

thanks,

Rich

1 Reply

brquinn
Level 1

Rich,

Which device are you using for a packet capture? Have you run captures on the Firewall's interfaces?

How is the final ACK in the 3-way handshake being received before the SYN/ACK? Are the sequence numbers of the two SYN packets different? How about the source port, is that different?

I'm not sure why it was working before, but maybe the two problems are not related. It could be that the traffic should have failed with version 7.1, but didn't because of a bug. If you downgrade does the issue go away?

Thanks,

Brendan
