
TCP Syn timeout on ASA

mahesh18
Level 6

Hi Everyone,

On the ASA I allowed a rule to access the server on port http.

access-list Net_PC_access_in line 50 extended permit tcp host 192.168.50.12 host 192.168.55.188 eq http

After allowing this rule I can see hit counts on the rule, but the user is still unable to access the server via http.

Logs from ASA

Built outbound TCP connection 354050568 for Net:192.168.55.188/80 (192.168.55.188/80) to Net_PC_access_in:192.168.50.12/57524 (192.168.50.12/57524)

Teardown TCP connection 354050427 for Net:192.168.55.188/80 to Net_PC_access_in:192.168.50.12/57522 duration 0:00:30 bytes 0 SYN Timeout

where 192.168.55.188 is the server IP

192.168.50.12 is the user PC.

I checked routing on the ASA; it has a route to the PC from the interface where the server is connected.

What should I check next?

I can access the same server from another subnet.

Regards

Mahesh

1 Accepted Solution

Jouni Forss
VIP Alumni

Hi Mahesh,

If we see the "Built outbound TCP connection...." log message on the firewall, that means the connection has gone through the firewall.

The "Teardown TCP connection..." log message in this case indicates that the connection timed out because the remote end (server) didn't reply to the attempt of the user to form the TCP HTTP connection.

The log messages you posted, by the way, aren't messages from the same connection. You can look at the connection number (or even the source port) and see that they are messages for a different connection.

I would have to say that the most common reason is that there is some routing problem, software firewall or problem with the actual service on the server.

But you say that the server can be accessed from other hosts? Are these hosts from the same network as the user 192.168.50.12?

I am afraid it will be hard to say anything specific about this without seeing the configuration.

- Jouni
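
The correlation described in the reply above, pairing Built and Teardown messages by connection number, as an added example that is not part of the original posts. The regular expressions follow only the two message shapes quoted in the thread; the function names are hypothetical, and the third sample line is constructed for illustration.

```python
import re
from collections import defaultdict

BUILT = re.compile(
    r"Built (?P<dir>inbound|outbound) TCP connection (?P<id>\d+) for "
    r"(?P<a_if>[^:\s]+):(?P<a_ip>[\d.]+)/(?P<a_port>\d+) \([^)]*\) to "
    r"(?P<b_if>[^:\s]+):(?P<b_ip>[\d.]+)/(?P<b_port>\d+)")
TEARDOWN = re.compile(
    r"Teardown TCP connection (?P<id>\d+) for "
    r"(?P<a_if>[^:\s]+):(?P<a_ip>[\d.]+)/(?P<a_port>\d+) to "
    r"(?P<b_if>[^:\s]+):(?P<b_ip>[\d.]+)/(?P<b_port>\d+) "
    r"duration (?P<duration>[\d:]+) bytes (?P<bytes>\d+) (?P<reason>.+?)\s*$")

SAMPLE = [
    # The two lines posted in the thread:
    "Built outbound TCP connection 354050568 for Net:192.168.55.188/80 "
    "(192.168.55.188/80) to Net_PC_access_in:192.168.50.12/57524 (192.168.50.12/57524)",
    "Teardown TCP connection 354050427 for Net:192.168.55.188/80 to "
    "Net_PC_access_in:192.168.50.12/57522 duration 0:00:30 bytes 0 SYN Timeout",
    # Constructed for this example: the Built line that would pair with the teardown.
    "Built outbound TCP connection 354050427 for Net:192.168.55.188/80 "
    "(192.168.55.188/80) to Net_PC_access_in:192.168.50.12/57522 (192.168.50.12/57522)",
]

def correlate(lines):
    """Group Built/Teardown events by the firewall's connection ID."""
    conns = defaultdict(dict)
    for line in lines:
        for kind, rx in (("built", BUILT), ("teardown", TEARDOWN)):
            m = rx.search(line)
            if m:
                conns[m["id"]][kind] = m.groupdict()
    return dict(conns)

def unpaired(conns):
    """IDs seen in only one message, so nothing can be concluded from them yet."""
    return sorted(cid for cid, ev in conns.items() if len(ev) < 2)

def syn_timeouts(conns):
    """IDs that were built, then torn down with 'SYN Timeout' and zero bytes."""
    return sorted(
        cid for cid, ev in conns.items()
        if len(ev) == 2 and ev["teardown"]["bytes"] == "0"
        and ev["teardown"]["reason"].startswith("SYN Timeout"))

if __name__ == "__main__":
    conns = correlate(SAMPLE)
    print("unpaired:", unpaired(conns))
    print("SYN timeouts:", syn_timeouts(conns))
```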
