08-20-2014 12:35 AM - edited 03-11-2019 09:39 PM
Users behind the PAT are have problem to access to the internet, to the different sites. The sites are opened are very slowly or not opens. In ASA log i view this one:
Teardown TCP connection 1027324458 for outside: xx.xx.xx.xx/80 to inside: xx.xx.xx.xx/49843 duration 0:00:30 bytes 0 SYN Timeout
But users behind the NAT have not these problems.
08-20-2014 01:58 AM
Hi,
This happens because 3-way handshake process was not able to complete within the timeout limit set on ASA. In general it should not be problem with ASA.... might be the load on to the PAT ip very high... mean the number of translations is more.....
Also make sure that you shouldn't have an overlapping rule in place... PAT and static NAT overlapping....
Regards
Karthik
08-21-2014 02:34 AM
Maybe this can help someone. I did failover to another asa, and reload primary, then returned to primary. Now everything is working fine.
08-21-2014 03:16 AM
Nice to hear that you were managed to solved the problem. But you can make it sure, when you have the full load and xlate count is very high..... This never happens in a generic circumstance...
Regards
Karthik
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: