ASA5505 Error - %ASA-4-419002

Unanswered Question
Jun 26th, 2007

I am getting the below error message in ASA 5505.


%ASA-4-419002: Duplicate TCP SYN from outside:213.x.x.2/2660 to outside:213.x.x.152/445 with different initial sequence number



%ASA-4-419002: Duplicate TCP SYN from outside:213.x.x.152/3961 to outside:213.x.x.156/445 with different initial sequence number


Sometimes my ASA outside interface goes down and I am not able to ping the outside interface from the Internet. After I reboot the ASA it comes up.



What could be the reason?

JBDanford2002 Tue, 06/26/2007 - 16:18

Are you seeing errors on the interface?


sh int


Also, are there possible errors on the Internet circuit? One other possible cause is a high-connection DoS attack.


Post the interface stats and a copy of the sh conn count when this happens again.

ckuriyar74 Thu, 06/28/2007 - 02:19

I have seen output errors, collisions & deferred on both inside & outside interfaces.


Interface Ethernet0/0 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex(Half-duplex), Auto-Speed(100 Mbps)
Available but not configured via nameif
MAC address 0019.0724.9edb, MTU not set
IP address unassigned
2223137 packets input, 1100823366 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
1924871 packets output, 300387287 bytes, 0 underruns
2659 output errors, 2212 collisions, 0 interface resets
0 babbles, 0 late collisions, 4246 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops

Interface Ethernet0/1 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex(Half-duplex), Auto-Speed(100 Mbps)
Available but not configured via nameif
MAC address 0019.0724.9edc, MTU not set
IP address unassigned
4697909 packets input, 804785167 bytes, 0 no buffer
Received 128491 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
184683611769 switch ingress policy drops
1965257 packets output, 1050829440 bytes, 0 underruns
3875 output errors, 2661 collisions, 0 interface resets
0 babbles, 0 late collisions, 5477 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops


Fernando_Meza Thu, 06/28/2007 - 15:49

Hi .. according to Cisco Output Interpreter .. there do not seem to be any issues with the status of your interfaces. You might want to clear the counters (clear interface), however, to be sure that those hits are not increasing drastically .. keep an eye on output errors and deferred; if they increase rapidly then you might be experiencing bandwidth overload or DoS-type attacks. You might want to report this to your ISP.


Interface - Ethernet0/0 (up/up)
INFO: There have been 4246 'deferred' packets on this interface.
The deferred counter counts the number of times the interface has tried to send
a frame, but found the carrier busy at the first attempt (Carrier Sense). This
does not constitute a problem, and is part of normal Ethernet operation.

Interface - Ethernet0/1 (up/up)
INFO: There have been 5477 'deferred' packets on this interface.
The deferred counter counts the number of times the interface has tried to send
a frame, but found the carrier busy at the first attempt (Carrier Sense). This
does not constitute a problem, and is part of normal Ethernet operation.


I hope it helps .. please rate it if it does !!!



JBDanford2002 Thu, 06/28/2007 - 20:32

Your interfaces are taking errors. Probably duplex/speed mismatch. Hard code both ends and see if the performance improves.

ckuriyar74 Thu, 06/28/2007 - 23:16

Thanks for your valuable comments.

I will check with ISP and also try to hard code the interfaces & observe for the errors.
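
Added example, not part of the original thread or any Cisco tool: a Python sketch of the check the replies suggest, comparing two `sh int` snapshots to see whether output errors, collisions and deferred grow relative to packets sent, and flagging an auto-negotiated half-duplex port. The function names, the 0.001 threshold and the later snapshot are assumptions made for illustration; the first snapshot uses the Ethernet0/0 counters posted above.

```python
import re

WATCHED = ("output errors", "collisions", "late collisions", "deferred")

def parse_show_interface(text):
    """Parse 'show interface' text into {name: {"duplex": (cfg, actual), counter: int}}."""
    interfaces, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        start = re.match(r"Interface (\S+)", line)
        if start:
            current = interfaces.setdefault(start.group(1), {})
            continue
        if current is None:
            continue
        duplex = re.search(r"(\w+)-Duplex\((\w+)-duplex\)", line)
        if duplex:
            current["duplex"] = (duplex.group(1).lower(), duplex.group(2).lower())
            continue
        for field in line.split(","):  # e.g. "2659 output errors"
            counter = re.match(r"(\d+) (.+)", field.strip())
            if counter:
                current[counter.group(2)] = int(counter.group(1))
    return interfaces

def review(before, after, max_rate=0.001):
    """Findings per interface; max_rate (errors per packet sent) is an assumed threshold."""
    report = {}
    for name, new in after.items():
        old, findings = before.get(name, {}), []
        if new.get("duplex") == ("auto", "half"):
            findings.append("auto-negotiated half-duplex: compare with the peer port")
        sent = new.get("packets output", 0) - old.get("packets output", 0)
        for counter in WATCHED:
            grew = new.get(counter, 0) - old.get(counter, 0)
            if sent > 0 and grew / sent > max_rate:
                findings.append(f"{counter} +{grew} over {sent} packets sent")
        report[name] = findings
    return report

def sample(sent, errors, collisions, deferred):
    """Constructed snapshot in the layout of the Ethernet0/0 output posted in the thread."""
    return f'''Interface Ethernet0/0 "", is up, line protocol is up
 Auto-Duplex(Half-duplex), Auto-Speed(100 Mbps)
 {sent} packets output, 300387287 bytes, 0 underruns
 {errors} output errors, {collisions} collisions, 0 interface resets
 0 babbles, 0 late collisions, {deferred} deferred'''

BEFORE = parse_show_interface(sample(1924871, 2659, 2212, 4246))  # counters from the thread
AFTER = parse_show_interface(sample(1934871, 2700, 2240, 4250))   # constructed later reading
if __name__ == "__main__":
    for name, findings in review(BEFORE, AFTER).items():
        print(name, findings or "no findings")
```

Growth in collisions on a port that negotiated half-duplex fits the duplex mismatch suggested in the thread, while the constructed deferred increase stays under the threshold and is not reported.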
