Having trouble with a L2L VPN between a ASA5520 and Checkpoint NGX. Traffic passes through just fine for most users but we are seeing problems where some users (but not always the same users) are unable to connect. I'm seeing
Inbound TCP connection denied from x.x.x.x/1171 to y.y.y.y/80 flags SYN on interface Outside.
My understanding of this is the ASA is seeing a new connection coming in (SYN flag is set) but the ASA thinks there is an existing connection it should be using.
Any ideas on what would cause this and if there is anyway to clear the connection for a single IP address?