01-16-2013 06:16 AM - edited 03-11-2019 05:47 PM
Hi,
I support a unit where we have 2 ASAs acting as their firewalls between their internal, DMZ and external networks. One ASA is active and one is passive. I have set up a lot of access rules for access of devices to servers from internal to DMZ, DMZ to external etc. I have an issue with one webserver. The webserver has a DMZ leg and an external NIC too.
Users on the internal network need to get to the DMZ NIC, which I have set up and is working fine. There is also an external web URL which external users type in to get to the webserver externally. On the ASA I have added the webserver's DMZ address and external address as objects.
The access rule for the outside communication is where I have the problem. I have an access rule on the outside interface which is to permit ip from any source to that webserver using its external address.
Now when I try and test this by going to the external address URL it does not connect, and I get a load of Duplicate TCP SYN attacks which I just cannot resolve and do not understand where these are coming from.
I get the error "Duplicate TCP SYN from outside xx.xx.xx.xx/21963 to outside xx.xx.xx.xx/80 with different initial sequence number"
Looking at the numerous error logs, the source IP and source port are always exactly the same. I understand the error normally could mean a spoof, but I don't know how this could happen. Also I understand it could be a routing loop somewhere, but again I don't know where to look for a routing loop.
Any advice on how to troubleshoot would be appreciated. Please note I have an identical webserver, just with different IPs, that seems to be working fine and has the same access rules on the ASA.
01-16-2013 09:49 AM
Hello Ricky,
So the ASA NATs that server to a specific IP on the inside and also to a public IP address on the outside.
Now when you connect from outside you get that error message. Does that happen with all the connection attempts?
Regards
01-17-2013 03:56 AM
Hi, thanks for your reply. I resolved the issue; I was missing the NAT rule for the ASA to NAT the external address to its DMZ address... d'oh!
Thanks for your help!
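As an added example (not from the original thread or its participants), here is the shape of the static NAT that the resolution refers to, so that a reader hitting the same "Duplicate TCP SYN from outside ... to outside ..." message can check for it. It assumes ASA software 8.3 or later object NAT syntax, interfaces named dmz and outside, and placeholder addresses: 10.10.10.10 for the server's DMZ NIC and 203.0.113.10 for its public address (constructed values). The log line quoted above shows the ASA resolving the destination on the outside interface instead of translating it to the DMZ, which is what you see when this translation is absent.

```cisco
! Added example, not the thread's own config. Placeholder addresses, ASA 8.3+ syntax.
! Real (DMZ) address of the web server
object network WEBSRV_DMZ
 host 10.10.10.10
 ! One-to-one static NAT: outside clients reach 203.0.113.10, the ASA un-NATs it to 10.10.10.10
 nat (dmz,outside) static 203.0.113.10
!
! Outside-in rule. On 8.3+ the ACL matches the real (untranslated) address,
! and only the web port is opened rather than "permit ip any".
access-list OUTSIDE_IN extended permit tcp any object WEBSRV_DMZ eq 80
access-group OUTSIDE_IN in interface outside
!
! Verification from exec mode (run after applying the above):
!   show nat detail        - the static translation should be listed with hit counts
!   show xlate             - an entry 10.10.10.10 <-> 203.0.113.10 should appear
!   packet-tracer input outside tcp 198.51.100.5 21963 203.0.113.10 80
!     - expect a UN-NAT phase and "output-interface: dmz"; an output interface of
!       "outside" means the packet is not being translated and the NAT is still missing
```

The packet-tracer line is the quickest check when a second, identical server works and this one does not: compare the two traces phase by phase and the missing UN-NAT phase stands out immediately. On pre-8.3 software the equivalent is a `static (dmz,outside) 203.0.113.10 10.10.10.10` line and the ACL references the public address instead; treat that as an assumption to confirm against your running version.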
01-17-2013 10:35 AM
Great to hear that.
Please mark the question as answered so future users can learn from this.
Regards