08-21-2012 02:48 AM - edited 03-11-2019 04:44 PM
Hi All,
I am getting the below log on the firewall, and because of this my virtual application on the public internet is working very slowly.
106015 198.241.159.x 443 10.x.x.x 1650 Deny TCP (no connection) from 198.241.159.x/443 to 10.x.x.x/1650 flags PSH ACK on interface xyz
I have already tried tcp-state bypass.
asa(config)# access-list vitest permit tcp 10.x.x.0 255.255.255.0$
asa(config)# class
asa(config)# class-map vimap
asa(config-cmap)# match access-list vitest
asa(config-cmap)# exit
asa(config)# policy-map global_policy
asa(config-pmap)# class vimap
asa(config-pmap-c)# set connection advanced-options tcp-state-bypass
asa(config-pmap-c)#
I have already gone through the below link.
08-21-2012 06:14 AM
Hi Prashant,
Normally this message means that a PUSH ACK packet on the connection between 198.241.159.x/443 and 10.x.x.x/1650 was sent after the connection had been closed. So the firewall dropped this packet, since it could not find any existing connection between these two hosts.
You might just need to provide a bit more information on this. I would suggest captures would be the best possible step forward.
Thanks,
Varun Rao
Security Team,
Cisco TAC
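To make the explanation above concrete, here is an added example (not from the original thread or from Cisco) that parses ASA 106015 "Deny TCP (no connection)" messages and tallies them per server/client pair, so a defender can tell whether the drops are a one-off late packet or a steady stream from one flow that is worth capturing. The sample log lines are constructed using documentation addresses; the first one is the line quoted in the thread, and the `%ASA-6-106015:` prefix is the syslog form of the same event.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Body of an ASA 106015 message, optionally preceded by the syslog tag.
# Addresses are matched loosely ([\w.]+) so redacted forms like 10.x.x.x
# from the thread still parse.
LOG_106015 = re.compile(
    r"(?:%ASA-\d-106015:\s*)?"
    r"Deny TCP \(no connection\) from (?P<src>[\w.]+)/(?P<sport>\d+) "
    r"to (?P<dst>[\w.]+)/(?P<dport>\d+) flags (?P<flags>[A-Z ]+?) "
    r"on interface (?P<iface>\S+)"
)


@dataclass(frozen=True)
class NoConnDrop:
    src: str
    sport: int
    dst: str
    dport: int
    flags: tuple
    iface: str


def parse_106015(line):
    """Return a NoConnDrop for a 106015 line, or None for any other message."""
    m = LOG_106015.search(line)
    if not m:
        return None
    return NoConnDrop(
        m["src"], int(m["sport"]), m["dst"], int(m["dport"]),
        tuple(m["flags"].split()), m["iface"],
    )


def summarize(lines, threshold=3):
    """Count drops per (server, server port, client), ignoring the client's
    ephemeral port so repeated connections from one client are grouped.
    Returns only the flows that reach the threshold."""
    counts = Counter()
    for line in lines:
        drop = parse_106015(line)
        if drop is None:
            continue
        counts[(drop.src, drop.sport, drop.dst)] += 1
    return {flow: n for flow, n in counts.items() if n >= threshold}


# Constructed sample input: line 0 is the thread's own message, the rest use
# RFC 5737 documentation addresses. Line 5 is a different event type and
# must be ignored by the parser.
SAMPLE_LOGS = [
    "106015 198.241.159.x 443 10.x.x.x 1650 Deny TCP (no connection) from "
    "198.241.159.x/443 to 10.x.x.x/1650 flags PSH ACK on interface xyz",
    "%ASA-6-106015: Deny TCP (no connection) from 198.51.100.10/443 "
    "to 192.0.2.25/1650 flags PSH ACK on interface outside",
    "%ASA-6-106015: Deny TCP (no connection) from 198.51.100.10/443 "
    "to 192.0.2.25/1651 flags PSH ACK on interface outside",
    "%ASA-6-106015: Deny TCP (no connection) from 198.51.100.10/443 "
    "to 192.0.2.25/1652 flags FIN PSH ACK on interface outside",
    "%ASA-6-106015: Deny TCP (no connection) from 198.51.100.10/443 "
    "to 192.0.2.30/2000 flags RST ACK on interface outside",
    "%ASA-6-302014: Teardown TCP connection 12345 for outside:198.51.100.10/443 "
    "to inside:192.0.2.25/1650 duration 0:00:05 bytes 1200 TCP FINs",
    "%ASA-6-106015: Deny TCP (no connection) from 203.0.113.5/22 "
    "to 192.0.2.25/3000 flags ACK on interface outside",
]

if __name__ == "__main__":
    for flow, n in summarize(SAMPLE_LOGS).items():
        src, sport, dst = flow
        print(f"{n} no-connection drops from {src}/{sport} to {dst}")
```

Flows that keep appearing in the summary are the ones to capture next, as the TAC reply suggests; a handful of isolated PSH ACK or FIN drops right after a teardown is the normal late-packet case the message describes.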
08-22-2012 03:38 AM
Thanks, I will try with a capture.
08-17-2014 05:27 PM
Disable TCP randomizing of the sequence number as well.
set connection random-sequence-number disable