Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
772
Views
0
Helpful
1
Replies

errors in web access

Go to solution
suthomas1
Level 6
Level 6

‎08-27-2010 01:24 AM - edited ‎03-11-2019 11:31 AM

One of our European location is encountering below 2 errors on their firewall.

Expected SYN, got FIN-ACK & Expected  SYN, got RST

this firewall is non-cisco product. these are seen more in lines where internet users try using organisation web

server inside their secure zone segment. no problems have been reported out of these, but it is seen very frequently.

Any help will be highly appreciated,

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee

‎08-30-2010 08:52 PM

I applaude your confidence in Cisco products and engineers.

I googled this "expected syn got fin ack" and found this link

http://mail.adeptech.com/pipermail/sidewinder/2008-July/002631.html

which pretty much says to read the error message as

Expected SYN-ACK, got FIN-ACK &

Expected  SYN-ACK, got RST

Meaning the second packet of the 3-way hand shake does not arrive.

Pls. collect wireshark (http://www.wireshark.org) captures and find out who is sending the reset or the fin-ack.

-KS

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee

‎08-30-2010 08:52 PM

I applaude your confidence in Cisco products and engineers.

I googled this "expected syn got fin ack" and found this link

http://mail.adeptech.com/pipermail/sidewinder/2008-July/002631.html

which pretty much says to read the error message as

Expected SYN-ACK, got FIN-ACK &

Expected  SYN-ACK, got RST

Meaning the second packet of the 3-way hand shake does not arrive.

Pls. collect wireshark (http://www.wireshark.org) captures and find out who is sending the reset or the fin-ack.

-KS

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card