Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
319
Views
0
Helpful
1
Replies

ASA-Checkpoint L2L VPN traffic dropped (SYN flag)

nb3
Level 1
Level 1

‎04-14-2008 11:58 AM

Having trouble with a L2L VPN between a ASA5520 and Checkpoint NGX. Traffic passes through just fine for most users but we are seeing problems where some users (but not always the same users) are unable to connect. I'm seeing

Inbound TCP connection denied from x.x.x.x/1171 to y.y.y.y/80 flags SYN on interface Outside.

My understanding of this is the ASA is seeing a new connection coming in (SYN flag is set) but the ASA thinks there is an existing connection it should be using.

Any ideas on what would cause this and if there is anyway to clear the connection for a single IP address?

Labels:
0 Helpful
1 Reply 1

nb3
Level 1
Level 1

‎04-21-2008 07:24 AM

FYI. This was caused by bug CSCsg60095. Upgrading to 7.2(3) resolved the problem.

0 Helpful
Customers Also Viewed These Support Documents