I keep getting the following warning from the ASA ASDM syslog
Duplicate TCP SYN from inside:192.xx.xx.xx/63993 to outside:xx.xx.xx.xx/25 with different initial sequence number. The client in question sitting on the inside of the ASA is trying to access the mail server outside of our network. Currently the mail server is not responding to smtp requests from our network. Is the log message something to worry about?
I guess this should be ok. Since mail server is not responding and client is trying to reconnect again but with different initial seq before the existing open connection is torn down in ASA. What are the timestamps?
Explanation A duplicate TCP SYN was received during the three-way-handshake that has a different initial sequence number than the SYN that opened the embryonic connection. This could indicate that SYNs are being spoofed. This message occurs in Release 184.108.40.206 and later.
in_interface—The input interface.
src_address—The source IP address of the packet.
src_port—The source port of the packet.
out_interface—The output interface.
dest_address—The destination IP address of the packet.