09-11-2019 11:00 PM
Hello,
<164>Sep 03 2019 13:43:18: %ASA-4-106023: Deny tcp src Inside: x/3031 dst Outside:x/135 by access-group "Inside_access_in" [0x0, 0x0]
<164>Sep 03 2019 13:43:18: %ASA-4-106023: Deny tcp src Inside: x/3031 dst Outside:x/135 by access-group "Inside_access_in" [0x0, 0x0]
<164>Sep 03 2019 13:43:17: %ASA-4-106023: Deny tcp src Inside: x/3031 dst Outside:x/135 by access-group "Inside_access_in" [0x0, 0x0]
I get three packets before the source port changes. Could you please help me understand why three packets are being sent with the same source port?
09-12-2019 12:37 AM
Looking into the above logs, the flow of traffic is coming in as:
---------Inside-------------ASA-FW----------Outside
Inside_access_in
You have defined inside_access_in on the inside interface as inbound. Now on this access-list your TCP port 3031 is denied, unless you define a rule to allow TCP port 3031. This is your problem.
The reason you see the same packet is that the firewall is denying the SYN packet coming from the server/PC, but the PC/server is sending it again. You also need to check your asp-drop.
However, the best option is to allow the rule.
09-16-2019 02:43 AM
OK, but still, why 3 SYN packets with the same source port?
09-16-2019 03:47 AM
OK, but still, why 3 SYN packets with the same source port?
Because the client server/PC is sending a SYN to start communicating, and the firewall is blocking it and dropping the request. The client server/PC has no idea, which is why it keeps sending SYN.