duplicate tcp syn messages

Unanswered Question
Oct 7th, 2009

'm using the ASA for anyconnect users and I keep seeing log messages similar to the following:

4 date=Oct 07 2009 Source IP=10.1.1.201 Source Port=17571 Destination IP=10.0.250.18 Destination Port53887 Duplicate TCP SYN from inside:10.1.1.201/17571 to inside:10.0.250.18/53887 with different initial sequence number

The source changes from various server (so far our Anti-virus server, dns, and Active directory servers) the destination appears to be client ip's that have disconnected.

I would like to stop this as it is filling my logs up with spurious information

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
auraza Thu, 10/08/2009 - 10:42

Do you have another firewall in the middle that may be randomizing sequence numbers?

3msands Thu, 10/08/2009 - 11:17

I do have a firewall services module between them, how do I tell if it is randomizing the sequence numbers?

auraza Thu, 10/08/2009 - 12:44

It does it by default unless you disable it, through a tcp map.

Actions

This Discussion