cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Duplicate TCP SYN error SYSLOG ID 419002

rickysahni
Beginner
Beginner

Hi,

I support a unit where we have 2 ASA's acting as their firewalls between their internal, DMZ and external network. One ASA is active and one is passive. I have setup alot of access rules for access of devices to servers from internal to DMZ, DMZ to external etc...  I have an issue with one webserver.  The webserver has a DMZ leg and an external NIC too. 

Users on the internal network need to get to the DMZ  NIC which i have setup and is working fine.  There is also an external web URL whcih external users type into to get to the webserver from externally.  On the ASA i have added the webservers dmz address and external address as objects.

On the access rule for the outside communication is where i have the problem.  I have an access rule on the outside interface which is to permit ip from any source to that webserver using its external address.

Now when i try and test this by going to the external address URL it does not connect and i get a load of Duplicate TCP SYN attacks which i just cannot resolve and do not understand where these are coming from?

I get error "Duplicate TCP SYN from outside xx.xx.xx.xx/21963 to outside xx.xx.xx.xx/80 with different initial sequence number"

Looking at the numerous error logs the source IP and source port is always exactly the same.  I understand the error normally could mean a spoof but i dont know how this could happen.  Also i understand it could be a routing loop somewhere but again i dont know where to look for a routing loop.

Any advice on how to troubleshoot would be appreciated.  Please Note I have an identical webserbver just with different IPs that seems to be working fine, has the same access rules on the ASA.

2 ACCEPTED SOLUTIONS

Accepted Solutions

Julio Carvajal
Advisor
Advisor

Hello Ricky,

So the ASA NAT;s that server to a specific IP on the inside and also to a public ip address on the outside....

Now when you connect from outside you get that error message.. Does that happen with all the connection attempts??

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Great to hear that..

Please mark the question as answered so future users can learn from this

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

3 REPLIES 3

Julio Carvajal
Advisor
Advisor

Hello Ricky,

So the ASA NAT;s that server to a specific IP on the inside and also to a public ip address on the outside....

Now when you connect from outside you get that error message.. Does that happen with all the connection attempts??

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi thanks for your reply.  I resolved the issue, was missing the NAT rule for the ASA to NAT the external address to its DMZ address... d'oh!

thanks for your help!

Great to hear that..

Please mark the question as answered so future users can learn from this

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: