03-14-2008 12:55 AM - edited 03-11-2019 05:17 AM
Hello,
I have a problem: the connection between hosts on my network is not possible. I got this error:
%ASA-4-419002: Duplicate TCP SYN OUTSIDE:10.10.66.2/1507 to INSIDE:10.10.1.6/1507 with different initial sequence number.
The network behind the ASA's OUTSIDE interface is completely under my
control, with the ASA being the only gateway, so I'm reasonably sure
there's no source IP address spoofing going on.
What can I do to resolve this problem?
Thanks,
Marie
03-19-2008 12:07 AM
Hello,
Is it possible to stop the spoofing feature on the ASA?
Thanks,
Marie
07-21-2010 11:28 AM
I had exactly the same problem.
After hours of attempts, I solved the problem by adding an ACL on the outside interface.
Strangely enough, it worked for me.
Good luck
07-21-2010 11:50 AM
If what you say is true, that this connection is not possible, i.e. your topology should not allow for this, then you need to look into some sort of routing error. Perhaps you have a loop somewhere?
The ASA is just reacting to the traffic it is receiving, so it must have received this SYN on another interface and somehow the packet was also sent outside and received there as well.
The reason that denying with an access-list will work is that the packet will hit the access-list and be dropped before it can be checked to see if it is a duplicate SYN.
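
To see which host pairs actually trigger the message before chasing a routing problem, the following added example (not part of any post in this thread) parses 419002 syslog lines in the format quoted in the first post and counts events per interface/host pair. The function names are assumptions, and every sample line except the first is constructed.

```python
import re
from collections import defaultdict

# Matches the 419002 message format quoted in the first post of the thread.
PATTERN = re.compile(
    r"%ASA-4-419002: Duplicate TCP SYN "
    r"(?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) to "
    r"(?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) "
    r"with different initial sequence number"
)

def parse_419002(line):
    """Return the fields of one 419002 message as a dict, or None for any other line."""
    m = PATTERN.search(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["src_port"] = int(ev["src_port"])
    ev["dst_port"] = int(ev["dst_port"])
    return ev

def summarize(lines):
    """Group duplicate-SYN events by host pair.

    Returns (key, event_count, distinct_port_pairs) rows, busiest pair first.
    """
    groups = defaultdict(lambda: {"count": 0, "flows": set()})
    for line in lines:
        ev = parse_419002(line)
        if ev is None:
            continue  # not a 419002 message
        key = (ev["src_if"], ev["src_ip"], ev["dst_if"], ev["dst_ip"])
        groups[key]["count"] += 1
        groups[key]["flows"].add((ev["src_port"], ev["dst_port"]))
    rows = [(k, v["count"], len(v["flows"])) for k, v in groups.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

# Constructed sample: the first line is the message from the thread, the rest are made up.
SAMPLE = [
    "%ASA-4-419002: Duplicate TCP SYN OUTSIDE:10.10.66.2/1507 to INSIDE:10.10.1.6/1507 with different initial sequence number.",
    "%ASA-4-419002: Duplicate TCP SYN OUTSIDE:10.10.66.2/1507 to INSIDE:10.10.1.6/1507 with different initial sequence number.",
    "%ASA-4-419002: Duplicate TCP SYN OUTSIDE:10.10.66.2/1533 to INSIDE:10.10.1.6/445 with different initial sequence number.",
    "%ASA-4-419002: Duplicate TCP SYN OUTSIDE:10.10.66.9/2201 to INSIDE:10.10.1.6/445 with different initial sequence number.",
    "some other syslog line (constructed, should be ignored)",
]

if __name__ == "__main__":
    for (src_if, src_ip, dst_if, dst_ip), count, flows in summarize(SAMPLE):
        print(f"{src_if}:{src_ip} -> {dst_if}:{dst_ip} events={count} port_pairs={flows}")
```

If one host pair accounts for nearly all events, start with that host and the path its packets take; events spread across many sources on the same interface point more toward the path itself.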