duplicate tcp syn messages

Oct 7th, 2009

I'm using the ASA for AnyConnect users and I keep seeing log messages similar to the following:

4 date=Oct 07 2009 Source IP= Source Port=17571 Destination IP= Destination Port53887 Duplicate TCP SYN from inside: to inside: with different initial sequence number

The source changes between various servers (so far our anti-virus server, DNS, and Active Directory servers); the destination appears to be client IPs that have disconnected.

I would like to stop this, as it is filling my logs up with spurious information.

auraza Thu, 10/08/2009 - 10:42
User Badges:
  • Cisco Employee

Do you have another firewall in the middle that may be randomizing sequence numbers?

3msands Thu, 10/08/2009 - 11:17

I do have a firewall services module between them. How do I tell if it is randomizing the sequence numbers?

auraza Thu, 10/08/2009 - 12:44
User Badges:
  • Cisco Employee

It does it by default unless you disable it, through a tcp map.
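
Added example, not part of the thread: a short Python triage script that groups the duplicate-SYN messages by destination and marks destinations that are not in a list of currently connected AnyConnect client addresses, to check the pattern described in the question. The `interface:address/port` layout, the sample log lines and the `active_clients` list are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Matches the message text quoted in the question. The interface:address/port
# layout is assumed, because the addresses were stripped from the posted line.
DUP_SYN = re.compile(
    r"Duplicate TCP SYN from (?P<src_if>[^:\s]+):(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst_if>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"with different initial sequence number"
)

# Constructed sample log lines (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Oct 07 2009 10:01:12: %ASA-4-419002: Duplicate TCP SYN from inside:192.0.2.10/17571 to inside:198.51.100.23/53887 with different initial sequence number
Oct 07 2009 10:01:13: %ASA-4-419002: Duplicate TCP SYN from inside:192.0.2.53/53 to inside:198.51.100.23/53890 with different initial sequence number
Oct 07 2009 10:01:15: unrelated message (constructed)
Oct 07 2009 10:01:19: %ASA-4-419002: Duplicate TCP SYN from inside:192.0.2.10/17580 to inside:198.51.100.23/53887 with different initial sequence number
Oct 07 2009 10:01:25: %ASA-4-419002: Duplicate TCP SYN from inside:192.0.2.53/53 to inside:198.51.100.40/40112 with different initial sequence number
"""


def summarize(lines, active_clients=()):
    """Group duplicate-SYN events by destination and flag stale client addresses."""
    active = set(active_clients)
    per_dst = defaultdict(Counter)  # destination -> Counter of source addresses
    for line in lines:
        m = DUP_SYN.search(line)
        if m:
            per_dst[m["dst"]][m["src"]] += 1
    report = []
    for dst, sources in sorted(per_dst.items()):
        report.append({
            "dst": dst,
            "events": sum(sources.values()),
            "sources": sorted(sources),
            # True when the destination is not a currently connected client
            "stale": dst not in active,
        })
    return report


if __name__ == "__main__":
    # active_clients is a hypothetical list of addresses still assigned to sessions
    for row in summarize(SAMPLE_LOG.splitlines(), active_clients={"198.51.100.40"}):
        print(row)
```
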

