Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
854
Views
0
Helpful
1
Replies

interruptions of connection through ASA 5520

miroslavpetkovic
Level 1
Level 1

‎12-13-2012 05:41 AM - edited ‎03-11-2019 05:36 PM

Hi,

I have a problem with the connections to the remote webservice passing through ASA 5520 firewall. Connections are usually  interrupted in perod of half an hour in every few days.

This ASA 5520 firewall is only one firewall in a path to the remote webservice.

During the interruption I find the logs:

UTC: %ASA--4-419002: Duplicate TCP SYN from dmz1:x.x.x.x/.... to outside:y.y.y.y/p with different initial sequence number

Teardown TCP connection 28309406 for outside:y.y.y.y/p to dmz1:x.x.x.x/.... duration 0:00:30 bytes 0 SYN Timeout

How I could find root cause? Could it be solution implemetation of TCP State Bypass?

Best ragrds,

Miroslav Petkovic

Labels:
0 Helpful
1 Reply 1

Jennifer Halim
Cisco Employee
Cisco Employee

‎12-13-2012 08:19 AM

With that error message, it seems to be TCP issue with the client trying to access the server using a duplicate SYN with different sequence number. It might have been using a connection which is still opened but has been closed on the FW.

You can implement TCP State Bypass, however that will bypass security for TCP state checking as well. The reason why FW is denying it is because it doesn't comply with TCP standard.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card