Cisco ASA - "Duplicate TCP SYN from UNTRUST: xxx.xxx.xxx.xxx/port to TRUST:yyy.yyy.yyy.yyy/port with different sequence number"

Hi All,

I have a system on the TRUST zone of Cisco ASA that is accessible from Internet which is the UNTRUST zone. There's a firewall rule configured as "Source (UNTRUST zone): ANY (internet) to Destination (TRUST zone): xxx.xxx.xxx.xxx, with destination port: TCP/yyyyy".

Initial connection works fine, but succeeding connectivity is not established and we see logs from the firewall "Duplicate TCP SYN from UNTRUST: xxx.xxx.xxx.xxx/port to TRUST:yyy.yyy.yyy.yyy/port with different sequence number".

To further isolate, we have created a specific rule as "Source (UNTRUST zone): specific IP from internet to Destination (TRUST zone): xxx.xxx.xxx.xxx with destination port: TCP/yyyyy" and initiated the connection again. But then, we still get the logs "Duplicate TCP SYN from UNTRUST: xxx.xxx.xxx.xxx/port to TRUST:yyy.yyy.yyy.yyy/port with different sequence number".

I'm not sure if this is a SYN attack, but I doubt it is, as we don't see many of these logs aside from this specific connection. Is there anything I could have missed configuring on the Cisco ASA firewall?


Best regards,

Mel
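The post's own reasoning (the message shows up for one connection only, so probably not a SYN attack) is something you can check from the syslog export rather than by eye. Below is an added example, not code from the original post or from Cisco: it parses the "Duplicate TCP SYN ... with different sequence number" lines out of a constructed ASA syslog sample, groups them by destination service, and reports how many distinct sources and how many repeats of one 4-tuple are involved. The syslog message ID %ASA-4-419002 is the one the ASA uses for this message as far as I know; the sample lines, the addresses, the `flood_threshold` value and the verdict wording are my assumptions, not facts from the post.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines (not taken from the original post).
# Three duplicate SYNs repeat on one 4-tuple, one unrelated "Built" line
# is mixed in, and one duplicate SYN comes from a second source.
SAMPLE_LOGS = """\
%ASA-4-419002: Duplicate TCP SYN from UNTRUST:203.0.113.10/51234 to TRUST:192.0.2.20/8443 with different initial sequence number
%ASA-4-419002: Duplicate TCP SYN from UNTRUST:203.0.113.10/51234 to TRUST:192.0.2.20/8443 with different initial sequence number
%ASA-4-419002: Duplicate TCP SYN from UNTRUST:203.0.113.10/51234 to TRUST:192.0.2.20/8443 with different initial sequence number
%ASA-6-302013: Built inbound TCP connection 12345 for UNTRUST:198.51.100.7/40000 (198.51.100.7/40000) to TRUST:192.0.2.20/8443 (192.0.2.20/8443)
%ASA-4-419002: Duplicate TCP SYN from UNTRUST:198.51.100.7/40001 to TRUST:192.0.2.20/8443 with different initial sequence number
"""

# Matches the message text quoted in the post; "initial" is optional because
# the ASA wording includes it while the post's transcription does not.
DUP_SYN_RE = re.compile(
    r"Duplicate TCP SYN from (?P<in_if>\w+):(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<out_if>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"with different (?:initial )?sequence number"
)


def parse_dup_syn(log_text):
    """Return one dict per duplicate-SYN line; other syslog lines are ignored."""
    events = []
    for line in log_text.splitlines():
        m = DUP_SYN_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events


def summarize(events, flood_threshold=20):
    """Group duplicate-SYN events by destination service (dst, dport).

    For each service, count events, distinct source addresses and the
    largest number of repeats on a single (src, sport) 4-tuple, and attach
    a triage verdict. The threshold and verdict wording are assumptions
    chosen for illustration, not ASA-defined values.
    """
    per_service = defaultdict(lambda: {"events": 0, "flows": Counter(), "sources": set()})
    for e in events:
        s = per_service[(e["dst"], e["dport"])]
        s["events"] += 1
        s["flows"][(e["src"], e["sport"])] += 1
        s["sources"].add(e["src"])

    report = {}
    for svc, s in per_service.items():
        max_repeats = max(s["flows"].values())
        if len(s["sources"]) >= flood_threshold:
            verdict = "many distinct sources: flood-like, review embryonic connection limits"
        elif max_repeats > 1:
            verdict = ("same 4-tuple repeating: new SYNs for a tuple the ASA already tracks, "
                       "typical of one client retrying against a lingering connection entry")
        else:
            verdict = "isolated events"
        report[svc] = {
            "events": s["events"],
            "distinct_sources": len(s["sources"]),
            "max_repeats_one_flow": max_repeats,
            "verdict": verdict,
        }
    return report


if __name__ == "__main__":
    for svc, info in summarize(parse_dup_syn(SAMPLE_LOGS)).items():
        print(f"{svc[0]}:{svc[1]} -> {info}")
```

Run it against `show logging` output or a syslog export instead of `SAMPLE_LOGS`; a result with few sources and a high repeat count on one 4-tuple matches the single-connection situation described in the post, while many distinct sources would be the pattern to look at more closely.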
