Cisco ASA - "Duplicate TCP SYN from UNTRUST: xxx.xxx.xxx.xxx/port to TRUST:yyy.yyy.yyy.yyy/port with different sequence number"

Unanswered Question
Mar 16th, 2014

Hi All,

I have a system on the TRUST zone of the Cisco ASA that is accessible from the Internet, which is the UNTRUST zone. There's a firewall rule configured as "Source (UNTRUST zone): ANY (Internet) to Destination (TRUST zone): xxx.xxx.xxx.xxx, with destination port: TCP/yyyyy".

The initial connection works fine, but subsequent connections are not established and we see the following log from the firewall: "Duplicate TCP SYN from UNTRUST: xxx.xxx.xxx.xxx/port to TRUST:yyy.yyy.yyy.yyy/port with different sequence number"

To further isolate it, we created a specific rule as "Source (UNTRUST zone): a specific IP from the Internet to Destination (TRUST zone): xxx.xxx.xxx.xxx, with destination port: TCP/yyyyy" and initiated the connection again. But we still get the log "Duplicate TCP SYN from UNTRUST: xxx.xxx.xxx.xxx/port to TRUST:yyy.yyy.yyy.yyy/port with different sequence number"

I'm not sure if this is a SYN attack, but I doubt it is, as we don't see many of these logs aside from this specific connection. Is there anything I could have missed configuring on the Cisco ASA firewall?

Best Regards,

Mel
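The post is unsure whether this log means a SYN attack or a single client's connection failing. As an added example (not from the post, and not Cisco code), here is a small Python parser that aggregates ASA "Duplicate TCP SYN" syslog lines per destination socket, per source IP and per full 4-tuple, so those two cases can be told apart from the logs alone. The sample lines are constructed in the format quoted above (Cisco's message text also carries the word "initial", which the regex tolerates, and the lines use syslog ID 419002, the ID Cisco assigns to this message); the addresses are RFC 5737 documentation ranges; and the thresholds in classify() are illustrative assumptions, not Cisco guidance.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample syslog lines (not real log data) in the format quoted in
# the post. Addresses are RFC 5737 documentation ranges. The 302013 line is a
# different message and is there to show that non-matching lines are skipped.
SAMPLE_LOG = """\
Mar 16 2014 10:00:01 fw1 %ASA-4-419002: Duplicate TCP SYN from UNTRUST:203.0.113.10/51000 to TRUST:192.0.2.25/8443 with different initial sequence number
Mar 16 2014 10:00:02 fw1 %ASA-4-419002: Duplicate TCP SYN from UNTRUST:203.0.113.10/51000 to TRUST:192.0.2.25/8443 with different initial sequence number
Mar 16 2014 10:00:05 fw1 %ASA-4-419002: Duplicate TCP SYN from UNTRUST:203.0.113.10/51001 to TRUST:192.0.2.25/8443 with different initial sequence number
Mar 16 2014 10:00:06 fw1 %ASA-6-302013: Built inbound TCP connection 1001 for UNTRUST:198.51.100.7/40000 (198.51.100.7/40000) to TRUST:192.0.2.25/8443 (192.0.2.25/8443)
Mar 16 2014 10:00:09 fw1 %ASA-4-419002: Duplicate TCP SYN from UNTRUST:203.0.113.10/51002 to TRUST:192.0.2.25/8443 with different initial sequence number
Mar 16 2014 10:00:10 fw1 %ASA-4-419002: Duplicate TCP SYN from UNTRUST:198.51.100.9/60000 to TRUST:192.0.2.40/22 with different sequence number
"""

# Matches the Duplicate TCP SYN text whether or not the word "initial" is
# present (the post quotes it without that word).
SYN_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) \S+ "
    r"%ASA-\d-(?P<msgid>\d{6}): Duplicate TCP SYN from "
    r"(?P<in_if>[^:\s]+):(?P<src>\d+\.\d+\.\d+\.\d+)/(?P<sport>\d+) to "
    r"(?P<out_if>[^:\s]+):(?P<dst>\d+\.\d+\.\d+\.\d+)/(?P<dport>\d+) "
    r"with different (?:initial )?sequence number"
)


def parse_duplicate_syn(line):
    """Return a dict for a Duplicate-TCP-SYN line, or None for any other line."""
    m = SYN_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%b %d %Y %H:%M:%S")
    ev["sport"] = int(ev["sport"])
    ev["dport"] = int(ev["dport"])
    return ev


def summarize(lines):
    """Group duplicate-SYN events by destination (dst, dport).

    For each destination: total count, Counter of source IPs, Counter of
    full 4-tuples, and the first/last timestamp seen.
    """
    by_dst = {}
    for line in lines:
        ev = parse_duplicate_syn(line)
        if ev is None:
            continue
        key = (ev["dst"], ev["dport"])
        s = by_dst.setdefault(key, {"total": 0, "sources": Counter(),
                                    "tuples": Counter(),
                                    "first": ev["ts"], "last": ev["ts"]})
        s["total"] += 1
        s["sources"][ev["src"]] += 1
        s["tuples"][(ev["src"], ev["sport"], ev["dst"], ev["dport"])] += 1
        s["first"] = min(s["first"], ev["ts"])
        s["last"] = max(s["last"], ev["ts"])
    return by_dst


def classify(stats, flood_sources=50, flood_rate=10.0):
    """Illustrative heuristic (an assumption, not a Cisco rule).

    Many distinct sources arriving at a high rate looks flood-like; a single
    source repeating against one destination looks like one client retrying
    the same service, which is the pattern the post describes.
    """
    n_src = len(stats["sources"])
    span = (stats["last"] - stats["first"]).total_seconds() or 1.0
    rate = stats["total"] / span
    if n_src >= flood_sources and rate >= flood_rate:
        return "many-sources-high-rate"
    if n_src == 1:
        return "single-source-retry"
    return "few-sources"


if __name__ == "__main__":
    for (dst, dport), s in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{dst}/{dport}: {s['total']} duplicate SYNs from "
              f"{len(s['sources'])} source(s) -> {classify(s)}")
        for (src, sport, _, _), n in s["tuples"].most_common():
            print(f"    {src}/{sport} x{n}")
```

Run against real logs (for example `show logging` output saved to a file, or the syslog collector's file) by replacing SAMPLE_LOG with the file contents. A single source IP, a handful of source ports and one destination service is a very different picture from dozens of sources in a few seconds, and the per-4-tuple counts also show whether the same source port keeps reappearing with a new sequence number.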
