Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2603
Views
0
Helpful
1
Replies

ASA - SYN timeout

Ramkumar P
Level 1
Level 1

‎05-03-2011 03:00 AM - edited ‎03-11-2019 01:28 PM

Hi,

I am facing - SYN timeout issue while accessing an URL via ASA.

My network setup,

We have MPLS and VPN (with local breakout), my intranet traffic goes via MPLS and internet traffic goes via ASA. When MPLS fails intranet and internet is traffic routed via VPN. When VPN fails both intranet and internet is routed via MPLS. I have standard ACL's in place, implicit deny at the end. While accessing a particular URL, iam getting syn timeout. but its working in other sites with similar setup(used tracking).

Some of my analysis,

Added a sepererate ACL for permitting any any IP and applied to the inside interface, but still the same issue

Can anyone help !

Labels:
0 Helpful
1 Reply 1

brquinn
Level 1
Level 1

‎05-04-2011 08:59 AM

Ramkumar,

There are a lot of generalities in your post. Usually it is best to include specifics to get an accurate response. Otherwise, we're all just guessing. :-)

Packet captures run on each interface of the ASA will tell you if the ASA is receiving the SYN and if it is being forwarded. It will also tell you if a SYN/ACK is being received in response. I would suggest running simultaneous captures on both the inside and outside interfaces to see if the ASA is dropping your SYN or if the problem is elsewhere. If the ASA is dropping the packets, look at your syslogs at informational or debugging level to determine why.

Packet capture help.

I hope this helps.

Thanks,

Brendan

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card