Here is my problem. I have a customer who has an ASA 5520. My customer uses an Alteon to load-balance sessions between its servers.
The problem occurs during the establishment of the session. The client sends a SYN packet (seq = 0) to establish the session. The ASA sees the packet and creates a session. Then, the Alteon receives the packet and answers with a SYN,ACK (seq = random; ack = 1). That is normal. But, because of the quality of the Internet link, the SYN,ACK is lost. So, the client sends a new SYN packet (seq = 0) with the same sequence number. The ASA sees that new packet. As it already has a session for that device, it does not create a new one. Then the Alteon receives the SYN packet. It answers with a new randomized sequence number for the SYN,ACK (seq = random2; ack = 1). When the ASA sees that new packet, it drops it because it does not understand why the sequence number is different.
Is there any way to change the behavior of the ASA? Concerning the Alteon, the only solution seems to be to disable the "dbind" option. But to do so, my customer needs to use only clientip persistence. And he would prefer to use cookies.
Thanks in advance for your help.
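
The handshake sequence described in the post can be confirmed from a packet capture. The following is an added example, not part of the original post: a Python check that scans handshake records for a retransmitted SYN answered by SYN,ACKs carrying different server sequence numbers. The trace, addresses, field layout and function name are constructed for illustration, and absolute sequence numbers are used instead of the relative ones quoted in the post.

```python
from collections import defaultdict

MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits

# Constructed capture taken on the server side of the firewall:
# (time_s, src, sport, dst, dport, flags, seq, ack); "S" = SYN, "SA" = SYN,ACK
TRACE = [
    # Flow 1: SYN retransmitted, second SYN,ACK has a different sequence number
    (0.00, "198.51.100.7", 40001, "203.0.113.10", 80, "S", 1000, 0),
    (0.01, "203.0.113.10", 80, "198.51.100.7", 40001, "SA", 555000, 1001),
    (3.00, "198.51.100.7", 40001, "203.0.113.10", 80, "S", 1000, 0),
    (3.01, "203.0.113.10", 80, "198.51.100.7", 40001, "SA", 912345, 1001),
    # Flow 2: SYN retransmitted, SYN,ACK repeated with the same sequence number
    (5.00, "198.51.100.8", 40002, "203.0.113.10", 80, "S", 7000, 0),
    (5.01, "203.0.113.10", 80, "198.51.100.8", 40002, "SA", 424242, 7001),
    (8.00, "198.51.100.8", 40002, "203.0.113.10", 80, "S", 7000, 0),
    (8.01, "203.0.113.10", 80, "198.51.100.8", 40002, "SA", 424242, 7001),
]

def find_isn_mismatches(trace):
    """Return handshakes where one client SYN got SYN,ACKs with differing seq."""
    syn_count = defaultdict(int)     # (flow, client_isn) -> SYNs seen
    server_isns = defaultdict(list)  # (flow, client_isn) -> distinct SYN,ACK seqs
    for _t, src, sport, dst, dport, flags, seq, ack in sorted(trace):
        if flags == "S":
            syn_count[((src, sport, dst, dport), seq)] += 1
        elif flags == "SA":
            flow = (dst, dport, src, sport)  # key by client -> server direction
            key = (flow, (ack - 1) % MOD)    # SYN,ACK acknowledges client seq + 1
            if key in syn_count and seq not in server_isns[key]:
                server_isns[key].append(seq)
    return [
        {"flow": flow, "client_isn": isn,
         "syns": syn_count[(flow, isn)], "server_isns": isns}
        for (flow, isn), isns in server_isns.items() if len(isns) > 1
    ]

if __name__ == "__main__":
    for hit in find_isn_mismatches(TRACE):
        print(hit)
```

Only the first flow is reported; the second flow, where the SYN,ACK is repeated with an unchanged sequence number, is not.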