Cisco ASA - "Duplicate TCP SYN from UNTRUST: xxx.xxx.xxx.xxx/port to TRUST:yyy.yyy.yyy.yyy/port with different sequence number"

romel9977
Level 1

Hi All,

I have a system on the TRUST zone of a Cisco ASA that is accessible from the Internet, which is the UNTRUST zone. There's a firewall rule configured as "Source (UNTRUST zone): ANY (Internet) to Destination (TRUST zone): xxx.xxx.xxx.xxx, with destination port: TCP/yyyyy".

The initial connection works fine, but subsequent connections are not established and we see logs from the firewall: "Duplicate TCP SYN from UNTRUST: xxx.xxx.xxx.xxx/port to TRUST:yyy.yyy.yyy.yyy/port with different sequence number".

To isolate this further, we created a specific rule, "Source (UNTRUST zone): specific IP from the Internet to Destination (TRUST zone): xxx.xxx.xxx.xxx, with destination port: TCP/yyyyy", and initiated the connection again. But we still get the logs "Duplicate TCP SYN from UNTRUST: xxx.xxx.xxx.xxx/port to TRUST:yyy.yyy.yyy.yyy/port with different sequence number".

I'm not sure if this is a SYN attack, but I doubt it, as we don't see many of these logs aside from this specific connection. Is there anything I might have missed configuring on the Cisco ASA firewall?

Best regards,

Mel

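The thread has no replies. As an added example (not part of the original post and not Cisco code), here is a small Python triage script for exactly this kind of ASA syslog message. It parses the "Duplicate TCP SYN" lines and, per destination IP/port, reports how many distinct sources produced them and which source IP/port tuples repeated. Many distinct sources looks like a SYN flood or scan and deserves a closer look; one client repeating the same 4-tuple, which is what the post describes, means the ASA still holds a connection entry for that flow (the message is emitted when a new SYN arrives for an existing connection with a different initial sequence number), so the connection table and timeouts for that flow are worth checking alongside the ACL. The syslog ID %ASA-4-419002 and the exact message wording are taken from the ASA syslog reference as remembered and should be treated as an assumption; the log lines are constructed (RFC 5737 addresses) and the flood threshold is arbitrary.

```python
"""Triage Cisco ASA "Duplicate TCP SYN" syslog lines (added example, not Cisco code)."""
import re
from collections import Counter, defaultdict

# Assumed message format: the ID 419002 and the wording are from the ASA syslog
# reference as remembered; the thread itself only quotes the free-text part.
DUP_SYN_RE = re.compile(
    r"%ASA-4-419002: Duplicate TCP SYN from "
    r"(?P<in_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) to "
    r"(?P<out_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) "
    r"with different initial sequence number"
)

# Constructed sample log, not real firewall output. Lines 0-3 mimic the
# situation in the post (one client, same source port repeated), line 4 is an
# unrelated connection-built message, lines 5-9 mimic a burst from many sources.
SAMPLE_LOG = [
    "Jan 10 2024 10:00:01 asa01 %ASA-4-419002: Duplicate TCP SYN from UNTRUST:203.0.113.10/51234 to TRUST:198.51.100.25/8443 with different initial sequence number",
    "Jan 10 2024 10:00:04 asa01 %ASA-4-419002: Duplicate TCP SYN from UNTRUST:203.0.113.10/51234 to TRUST:198.51.100.25/8443 with different initial sequence number",
    "Jan 10 2024 10:00:10 asa01 %ASA-4-419002: Duplicate TCP SYN from UNTRUST:203.0.113.10/51234 to TRUST:198.51.100.25/8443 with different initial sequence number",
    "Jan 10 2024 10:03:00 asa01 %ASA-4-419002: Duplicate TCP SYN from UNTRUST:203.0.113.10/51240 to TRUST:198.51.100.25/8443 with different initial sequence number",
    "Jan 10 2024 10:05:00 asa01 %ASA-6-302013: Built inbound TCP connection 12345 for UNTRUST:203.0.113.10/51250 (203.0.113.10/51250) to TRUST:198.51.100.25/8443 (198.51.100.25/8443)",
    "Jan 10 2024 11:00:00 asa01 %ASA-4-419002: Duplicate TCP SYN from UNTRUST:203.0.113.51/40001 to TRUST:198.51.100.30/443 with different initial sequence number",
    "Jan 10 2024 11:00:00 asa01 %ASA-4-419002: Duplicate TCP SYN from UNTRUST:203.0.113.52/40002 to TRUST:198.51.100.30/443 with different initial sequence number",
    "Jan 10 2024 11:00:00 asa01 %ASA-4-419002: Duplicate TCP SYN from UNTRUST:203.0.113.53/40003 to TRUST:198.51.100.30/443 with different initial sequence number",
    "Jan 10 2024 11:00:01 asa01 %ASA-4-419002: Duplicate TCP SYN from UNTRUST:203.0.113.54/40004 to TRUST:198.51.100.30/443 with different initial sequence number",
    "Jan 10 2024 11:00:01 asa01 %ASA-4-419002: Duplicate TCP SYN from UNTRUST:203.0.113.55/40005 to TRUST:198.51.100.30/443 with different initial sequence number",
]

# Verdict labels; the meaning of each is explained in triage().
MANY_SOURCES = "many-sources"            # looks like a flood or scan
REPEATED_TUPLE = "repeated-4-tuple"      # one client re-sending SYN for a flow the ASA still tracks
SINGLE_SOURCE = "single-source-new-ports"  # one client, but every attempt used a fresh source port


def parse_dup_syn(line):
    """Return the fields of a Duplicate TCP SYN message, or None for other lines."""
    m = DUP_SYN_RE.search(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["src_port"] = int(ev["src_port"])
    ev["dst_port"] = int(ev["dst_port"])
    return ev


def triage(lines, flood_sources=4):
    """Group Duplicate TCP SYN events by destination and classify each group.

    flood_sources is an arbitrary threshold (assumption): at or above this many
    distinct source IPs for one destination, the group is labelled MANY_SOURCES.
    """
    groups = defaultdict(list)
    for line in lines:
        ev = parse_dup_syn(line)
        if ev:
            groups[(ev["dst_ip"], ev["dst_port"])].append(ev)

    report = {}
    for dst, events in groups.items():
        sources = {e["src_ip"] for e in events}
        tuples = Counter((e["src_ip"], e["src_port"]) for e in events)
        repeated = {t: n for t, n in tuples.items() if n > 1}
        if len(sources) >= flood_sources:
            verdict = MANY_SOURCES
        elif repeated:
            verdict = REPEATED_TUPLE
        else:
            verdict = SINGLE_SOURCE
        report[dst] = {
            "count": len(events),
            "sources": len(sources),
            "repeated_tuples": repeated,
            "verdict": verdict,
        }
    return report


if __name__ == "__main__":
    for (ip, port), info in triage(SAMPLE_LOG).items():
        print(f"{ip}/{port}: {info['count']} events from {info['sources']} source(s) -> {info['verdict']}")
        for (src_ip, src_port), n in info["repeated_tuples"].items():
            print(f"    {src_ip}/{src_port} repeated {n}x (ASA still tracking this flow?)")
```

To use it on real data, feed the script the raw syslog lines from the ASA (or a collector export) instead of SAMPLE_LOG; the regex ignores the timestamp and hostname prefix, so any syslog framing in front of the %ASA tag is fine. A REPEATED_TUPLE verdict for a single client is the pattern in the post and is a reason to inspect the connection entry for that source IP/port on the ASA before touching the ACL again.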