Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I have an appliance capturing syslog information from my ASA5520. I am seeing a TON of entries for ASA-4-419002: Duplicate TCP SYN from inside:XXX.XXX.XXX.XXX/##### to inside:YYY.YYY.YYY.YYY/44487 with different initial, with the first IP address log...
I haven't abandoned my post, just been swamped with other duties. When I get a chance here on my side, I'll implement these suggestions and see if it fixes my problems as well. Thanks for all of the info.
We actually just got that turned off, as it was generating a lot of false positives and restricting valid access. I'll read on it, and see what controls are there to minimize the impact to legitimate traffic.
Guess I fat-fingered (clicked?) the discussion group I wanted to send this to. Thanks for the heads-up. It should be in the proper forum now. I will look at this in the morning. I'm a relative newbie to the Cisco CLI, so we'll see what I can do.
