ASA 5520 ASA-4-419002: Duplicate TCP SYN

marie-pongou
Level 1

Hello,

I have a problem: the connection between hosts on my network is not possible. I got this error.

%ASA-4-419002: Duplicate TCP SYN OUTSIDE:10.10.66.2/1507 to INSIDE:10.10.1.6/1507 with different initial sequence number.

The network behind the ASA's OUTSIDE interface is completely under my control, with the ASA being the only gateway, so I'm reasonably sure there's no source IP address spoofing going on.

What can I do to resolve this problem?

Thanks,

Marie

3 Replies

marie-pongou
Level 1

Hello,

Is it possible to stop the spoofing feature on the ASA?

Thanks,

Marie

iprojetos
Level 1

I had exactly the same problem.

After hours of attempts, I solved the problem by adding an ACL on the outside interface.

Strangely enough, it worked for me.

Good luck

If what you say is true, that this connection is not possible, i.e. your topology should not allow for this, then you need to look into some sort of routing error. Perhaps you have a loop somewhere?

The ASA is just reacting to the traffic it is receiving, so it must have received this SYN on another interface, and somehow the packet was also sent outside and received there as well.

The reason that denying with an access-list will work is that the packet will hit the access-list and drop before it can be checked to see if it is a duplicate SYN.
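An added example, not part of the thread or of any Cisco tooling: a small Python triage script that parses %ASA-4-419002 messages in the form quoted above and groups them by interface and host pair, so you can see which paths to check for a routing loop. The timestamps, hostname `asa1` and all log lines after the first are constructed sample data, and the optional "Received ... from" wording in the pattern is an assumption for other ASA releases.

```python
import re

# Message text as quoted in the thread; "Received"/"from" are tolerated as an
# assumption about how other ASA releases word the same message.
PATTERN = re.compile(
    r"%ASA-4-419002: (?:Received )?[Dd]uplicate TCP SYN (?:from )?"
    r"(?P<src_if>[^\s:]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) to "
    r"(?P<dst_if>[^\s:]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)"
)

# Constructed sample syslog (first message body is the one from the thread).
SAMPLE_LOG = """\
Jan 10 09:14:01 asa1 %ASA-4-419002: Duplicate TCP SYN OUTSIDE:10.10.66.2/1507 to INSIDE:10.10.1.6/1507 with different initial sequence number.
Jan 10 09:14:04 asa1 %ASA-4-419002: Duplicate TCP SYN OUTSIDE:10.10.66.2/1507 to INSIDE:10.10.1.6/1507 with different initial sequence number.
Jan 10 09:14:09 asa1 %ASA-4-419002: Duplicate TCP SYN OUTSIDE:10.10.66.2/1512 to INSIDE:10.10.1.6/1512 with different initial sequence number.
Jan 10 09:14:10 asa1 %ASA-6-302013: Built inbound TCP connection 88 for OUTSIDE:10.10.66.9/40000 (10.10.66.9/40000) to INSIDE:10.10.1.6/80 (10.10.1.6/80)
Jan 10 09:15:30 asa1 %ASA-4-419002: Duplicate TCP SYN OUTSIDE:10.10.66.7/2200 to INSIDE:10.10.1.6/445 with different initial sequence number.
"""


def parse_419002(line):
    """Return the flow named in one 419002 message, or None for other lines."""
    m = PATTERN.search(line)
    if not m:
        return None
    flow = m.groupdict()
    flow["src_port"] = int(flow["src_port"])
    flow["dst_port"] = int(flow["dst_port"])
    return flow


def summarize(lines):
    """Group 419002 events by (ingress if, source, egress if, destination)."""
    pairs = {}
    for line in lines:
        flow = parse_419002(line)
        if flow is None:
            continue
        key = (flow["src_if"], flow["src_ip"], flow["dst_if"], flow["dst_ip"])
        entry = pairs.setdefault(key, {"events": 0, "src_ports": set()})
        entry["events"] += 1
        entry["src_ports"].add(flow["src_port"])
    # Sorted port lists make the result stable and easy to read.
    return {k: {"events": v["events"], "src_ports": sorted(v["src_ports"])}
            for k, v in pairs.items()}


if __name__ == "__main__":
    ranked = sorted(summarize(SAMPLE_LOG.splitlines()).items(),
                    key=lambda kv: kv[1]["events"], reverse=True)
    for (src_if, src_ip, dst_if, dst_ip), info in ranked:
        print(f"{src_if}:{src_ip} -> {dst_if}:{dst_ip} "
              f"events={info['events']} src_ports={info['src_ports']}")
```

The host pairs with the most events are the ones whose routes and interface ACLs to inspect first.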
