ASA5505 Error - %ASA-4-419002

Unanswered Question
Jun 26th, 2007

I am getting the below error message on the ASA 5505.

%ASA-4-419002: Duplicate TCP SYN from outside:213.x.x.2/2660 to outside:213.x.x.152/445 with different initial sequence number

%ASA-4-419002: Duplicate TCP SYN from outside:213.x.x.152/3961 to outside:213.x.x.156/445 with different initial sequence number

Sometimes my ASA outside interface goes down and I am not able to ping the outside interface from the Internet. After I reboot the ASA it comes up.

What could be the reason?

JBDanford2002 Tue, 06/26/2007 - 16:18

Are you seeing errors on the interface?

sh int

Also, are there possible errors on the internet circuit? One other possible cause is a high-connection DoS attack.

Post the interface stats and a copy of the sh conn count when this happens again.

ckuriyar74 Thu, 06/28/2007 - 02:19

I have seen output errors, collisions & deferred on both inside & outside interfaces.

Interface Ethernet0/0 "", is up, line protocol is up
  Hardware is 88E6095, BW 100 Mbps
  Auto-Duplex(Half-duplex), Auto-Speed(100 Mbps)
  Available but not configured via nameif
  MAC address 0019.0724.9edb, MTU not set
  IP address unassigned
  2223137 packets input, 1100823366 bytes, 0 no buffer
  Received 0 broadcasts, 0 runts, 0 giants
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  0 L2 decode drops
  0 switch ingress policy drops
  1924871 packets output, 300387287 bytes, 0 underruns
  2659 output errors, 2212 collisions, 0 interface resets
  0 babbles, 0 late collisions, 4246 deferred
  0 lost carrier, 0 no carrier
  0 rate limit drops
  0 switch egress policy drops

Interface Ethernet0/1 "", is up, line protocol is up
  Hardware is 88E6095, BW 100 Mbps
  Auto-Duplex(Half-duplex), Auto-Speed(100 Mbps)
  Available but not configured via nameif
  MAC address 0019.0724.9edc, MTU not set
  IP address unassigned
  4697909 packets input, 804785167 bytes, 0 no buffer
  Received 128491 broadcasts, 0 runts, 0 giants
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  0 L2 decode drops
  184683611769 switch ingress policy drops
  1965257 packets output, 1050829440 bytes, 0 underruns
  3875 output errors, 2661 collisions, 0 interface resets
  0 babbles, 0 late collisions, 5477 deferred
  0 lost carrier, 0 no carrier
  0 rate limit drops
  0 switch egress policy drops

Fernando_Meza Thu, 06/28/2007 - 15:49

Hi .. according to Cisco Output Interpreter .. there do not seem to be any issues with the status of your interfaces. You might want to clear the counters (clear interface), however, to be sure that those hits are not increasing drastically .. keep an eye on output errors and deferred; if they increase rapidly then you might be experiencing bandwidth overload or DoS-type attacks. You might want to report this to your ISP.

Interface - Ethernet0/0 (up/up)

INFO: There have been 4246 'deferred' packets on this interface.

The deferred counter counts the number of times the interface has tried to send a frame, but found the carrier busy at the first attempt (Carrier Sense). This does not constitute a problem, and is part of normal Ethernet operation.

Interface - Ethernet0/1 (up/up)

INFO: There have been 5477 'deferred' packets on this interface.

The deferred counter counts the number of times the interface has tried to send a frame, but found the carrier busy at the first attempt (Carrier Sense). This does not constitute a problem, and is part of normal Ethernet operation.

I hope it helps .. please rate it if it does!

JBDanford2002 Thu, 06/28/2007 - 20:32

Your interfaces are taking errors. Probably duplex/speed mismatch. Hard code both ends and see if the performance improves.

ckuriyar74 Thu, 06/28/2007 - 23:16

Thanks for your valuable comments.

I will check with the ISP and also try to hard code the interfaces & observe for the errors.
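
The interface check discussed in the replies above, as an added example (not part of the original thread and not a Cisco tool): it parses `sh int` counters, reports the output error rate, and flags ports that autonegotiated down to half duplex, which is what an autonegotiating port falls back to when the peer is hard-coded. The function names `parse_show_interface` and `triage` are hypothetical; the sample text is copied from the output posted in the thread.

```python
import re

# Counters copied from the `sh int` output posted in this thread, trimmed
# to the lines this example parses.
SAMPLE = """\
Interface Ethernet0/0 "", is up, line protocol is up
  Auto-Duplex(Half-duplex), Auto-Speed(100 Mbps)
  1924871 packets output, 300387287 bytes, 0 underruns
  2659 output errors, 2212 collisions, 0 interface resets
  0 babbles, 0 late collisions, 4246 deferred
Interface Ethernet0/1 "", is up, line protocol is up
  Auto-Duplex(Half-duplex), Auto-Speed(100 Mbps)
  1965257 packets output, 1050829440 bytes, 0 underruns
  3875 output errors, 2661 collisions, 0 interface resets
  0 babbles, 0 late collisions, 5477 deferred
"""

DUPLEX = re.compile(r"(\w+)-Duplex\((\w+)-duplex\)")  # configured(actual)
COUNTER = re.compile(
    r"(\d+) (packets output|output errors|late collisions|collisions|deferred)\b")

def parse_show_interface(text):
    """Return {interface: {"configured", "actual", <counter name>: int}}."""
    stats, current = {}, None
    for line in text.splitlines():
        header = re.match(r"Interface (\S+)", line.strip())
        if header:
            current = stats.setdefault(header.group(1), {})
        elif current is not None:
            duplex = DUPLEX.search(line)
            if duplex:
                current["configured"], current["actual"] = duplex.groups()
            for value, name in COUNTER.findall(line):
                current[name] = int(value)
    return stats

def triage(stats):
    """Per interface: output error percentage plus duplex-related notes."""
    findings = {}
    for name, s in stats.items():
        notes = []
        if s.get("configured") == "Auto" and s.get("actual") == "Half":
            notes.append("autonegotiated to half duplex: check peer port settings")
        if s.get("late collisions", 0) > 0:
            notes.append("late collisions present")
        sent = s.get("packets output", 0)
        pct = round(100.0 * s.get("output errors", 0) / sent, 3) if sent else 0.0
        findings[name] = {"output_error_pct": pct, "notes": notes}
    return findings

if __name__ == "__main__":
    for name, result in triage(parse_show_interface(SAMPLE)).items():
        print(name, result)
```

Running it again on output captured after `clear interface` shows whether the error rate is still climbing.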
