ASA drops legitimate traffic with "TCP packet SEQ past window"

Hello Gents

We have an HTTP app running over an IPSec tunnel which demonstrates huge ASP drops with tcp-seq-past-win. Mainly these are replies from the server (which is located on the remote side of the tunnel) to clients:

   1: 13:00:08.030561       802.1Q vlan#9 P0 10.6.8.6.80 > 10.228.28.94.40162: . ack 3860909461 win 122 <nop,nop,timestamp 2628156165 3655282,nop,nop,sack sack 1 {3860909460:3860909461} > Drop-reason: (tcp-seq-past-win) TCP packet SEQ past window
   2: 13:00:11.934064       802.1Q vlan#9 P0 10.6.8.6.80 > 10.228.0.151.52569: . ack 4292705738 win 122 <nop,nop,timestamp 2628160068 3730521,nop,nop,sack sack 1 {4292705737:4292705738} > Drop-reason: (tcp-seq-past-win) TCP packet SEQ past window

The docs say:

Name: tcp-seq-past-win
TCP packet SEQ past window:
This counter is incremented and the packet is dropped when appliance receives a TCP data packet with sequence number beyond the window allowed by the peer TCP endpoint.
Recommendations:
None

Is there any tool to turn this behavior off for this specific app?

Thank you in advance.
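
A triage sketch for capture output like the lines quoted above, added here as an example and not part of the original post: it parses each dropped-packet line, counts drops per reason and source endpoint, and reports the payload length and SACK block geometry of each packet. The regexes assume the tcpdump-style layout of the two quoted lines; the function and field names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample input: the two dropped packets quoted in the post.
SAMPLE = """\
   1: 13:00:08.030561       802.1Q vlan#9 P0 10.6.8.6.80 > 10.228.28.94.40162: . ack 3860909461 win 122 <nop,nop,timestamp 2628156165 3655282,nop,nop,sack sack 1 {3860909460:3860909461} > Drop-reason: (tcp-seq-past-win) TCP packet SEQ past window
   2: 13:00:11.934064       802.1Q vlan#9 P0 10.6.8.6.80 > 10.228.0.151.52569: . ack 4292705738 win 122 <nop,nop,timestamp 2628160068 3730521,nop,nop,sack sack 1 {4292705737:4292705738} > Drop-reason: (tcp-seq-past-win) TCP packet SEQ past window
"""

FLOW = re.compile(r"(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (\S+) ")
DATA = re.compile(r": \S+ (\d+):(\d+)\((\d+)\)")  # seq:seq_end(len), data only
ACK = re.compile(r"\back (\d+) win (\d+)")
SACK = re.compile(r"\{(\d+):(\d+)\}")
REASON = re.compile(r"Drop-reason: \(([\w-]+)\)")
MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits


def parse_drop(line):
    """Return a dict for one capture line, or None if it is not a drop."""
    flow, reason = FLOW.search(line), REASON.search(line)
    if not (flow and reason):
        return None
    rec = {"src": f"{flow[1]}:{flow[2]}", "dst": f"{flow[3]}:{flow[4]}",
           "flags": flow[5], "reason": reason[1], "payload_len": 0}
    if (d := DATA.search(line)):
        rec["payload_len"] = int(d[3])
    if (a := ACK.search(line)):
        rec["ack"], rec["win"] = int(a[1]), int(a[2])
    if (s := SACK.search(line)):
        left, right = int(s[1]), int(s[2])
        rec["sack_width"] = (right - left) % MOD
        # Block ending at or below the cumulative ACK: D-SACK pattern (RFC 2883).
        if "ack" in rec:
            rec["sack_le_ack"] = (rec["ack"] - right) % MOD < MOD // 2
    return rec


def summarize(text):
    """Parse every line and count drops per (reason, source endpoint)."""
    recs = [r for r in map(parse_drop, text.splitlines()) if r]
    return recs, Counter((r["reason"], r["src"]) for r in recs)


if __name__ == "__main__":
    records, counts = summarize(SAMPLE)
    for r in records:
        print(r)
    print(counts)
```

On the two quoted lines this reports zero payload length and a one-byte SACK block ending exactly at the ACK number for both packets, which is worth including when opening a support case.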