Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1835
Views
0
Helpful
2
Replies

ASA/FWSM: Abundance of SYN timeouts

Go to solution
Ulrich Hansen
Level 1
Level 1

‎12-09-2011 01:13 AM - edited ‎03-11-2019 03:00 PM

Gentlemen,

Firewall'ing and FW-forensic is not my primary area of expertise, so forgive my ignorance.

When browsing through the collected syslogs from our firewalls (FWSM/ASA), I'm seeing an abundance of SYN Timeouts. There's no specific pattern here, e.g. specific host or service, time of day etc. I can pick any day of the week and select a random host/service and simply search for the string "SYN" and I will almost surely get a significant number of hits.

Now, I'm not really looking for solution, as we've pretty much ruled out the possibility of misconfiguration. We've gone through potential problems with regards to TCP-connections limitations, timeout values, routing etc. But nothing seems to be misconfigured.

So my question to you gentlemen is: Is what I'm seeing typical or even expected behaviour? Since my server- or application teams are not screaming their lungs out with "slow network", this apparently does not cause severe performance degredation. I'm just surprised by the volume of SYN timeouts, but then again, browsing through the FW-syslogs is not really part of my everyday work. Can something like this be the result of theh fact that the volume of application traffic exceeds the capacity of the servers and that this i more a symptom of applications and/or server performance, rather than a network related issue?

Thanks

/Ulrich

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee

‎12-09-2011 06:11 AM

Hope you don't mind a gentlewonan's response

SYN timeout syslogs are generated when the firewall doesn't receive a response for SYN that it passed through. It appears that the server may be responding back with a SYN ACK late (after 20 seconds ) or not at all.

If it responds late, then you would also see syslog 106015 messages.

-Kureli

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee

‎12-09-2011 06:11 AM

Hope you don't mind a gentlewonan's response

SYN timeout syslogs are generated when the firewall doesn't receive a response for SYN that it passed through. It appears that the server may be responding back with a SYN ACK late (after 20 seconds ) or not at all.

If it responds late, then you would also see syslog 106015 messages.

-Kureli

0 Helpful

Go to solution
Ulrich Hansen
Level 1
Level 1
In response to Kureli Sankar

‎12-09-2011 06:56 AM

Hi Kureli,

Don't mind a gentlewomans reply at all

I'll take another look at the syslog and see, if the 106015-msg appears frequently as well.

Thanks for your reply

/Ulrich

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card