10-07-2009 12:13 PM
I'm using the ASA for AnyConnect users and I keep seeing log messages similar to the following:
4 date=Oct 07 2009 Source IP=10.1.1.201 Source Port=17571 Destination IP=10.0.250.18 Destination Port53887 Duplicate TCP SYN from inside:10.1.1.201/17571 to inside:10.0.250.18/53887 with different initial sequence number
The source changes between various servers (so far our anti-virus server, DNS, and Active Directory servers); the destination appears to be client IPs that have disconnected.
I would like to stop this, as it is filling my logs up with spurious information.
10-08-2009 10:42 AM
Do you have another firewall in the middle that may be randomizing sequence numbers?
10-08-2009 11:17 AM
I do have a Firewall Services Module between them. How do I tell if it is randomizing the sequence numbers?
10-08-2009 12:44 PM
It does it by default unless you disable it, through a tcp map.