
Excessive TCP retransmits on Pix 525 7.0(1)

anderslaastad
Level 1

I have this problem with my PIX 525 running version 7.0(1). Almost every packet being sent or received by the PIX for PATed traffic is retransmitted or receives duplicate ACKs. I've seen this reported as a bug on version 6.3 but not on 7.0(1).

Traffic not PATed seems fine.

Has anyone else encountered this problem?

I'm going to upgrade from 7.0(1) to 7.0(4) as soon as possible but not sure this will fix it.

There are no errors on the interface.

Currently all the traffic flows through gig0 as different vlans, even inside and outside.

Any help would be appreciated.

3 Replies

Not applicable

I think the issue is the use of TCP and excessive connection requests. To avoid this, configure SYN flooding, which is a type of DoS attack prevention.

The problem is that it seems to be valid traffic originating from inside our network.

This problem occurs even with the web traffic I am generating as I'm writing this reply.

All traffic from inside when PATed out seems to have this problem, traffic not PATed works fine.

Whenever traffic is sent out the outside interface of the PIX with the source address of the PIX this problem occurs.

Therefore I don't think it's a SYN flood related problem.

Hello, you are right in what you say, and if you upgrade it will cure the issue. I suggest you upgrade to the 7.0.4.4 interim release, as there are many bug fixes in it (37 from 7.0.4.1 to 7.0.4.3 alone). I had a PIX 515E that was using PAT running like a dog, and after the upgrade it is now OK.

I hope this helps.
