%PIX-4-419002: Duplicate TCP SYN ?!?!?!?!?!

I'm getting the following messages 7 times a minute from 2 inside addresses 
to the same destination host.

%PIX-4-419002: Duplicate TCP SYN from inside-HBG:10.1.0.133/1025 to 
outside-HBG:10.12.0.10/4606 with different initial sequence number

The destination host network is a DSL network on the back side of a Cisco 
1700 series VPN'd into a PIX.  That particular host does not exist.

I've checked the 10.1.0.133 PC and it is sending the packets, but I don't know 
what process is doing it.


help!!! 


Scott
5/24/2006 10:19:06 PM
comp.dcom.sys.cisco

0 Replies
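The 419002 message body quoted in the post has a fixed shape, so the first defensive step is to parse it and count how often each (source, destination, port) flow triggers it per minute, which confirms the "7 times a minute" and shows exactly which inside hosts are involved. This is an added example, not code from the post or from Cisco; the syslog timestamp and hostname prefix (`fw-hbg`), the second inside host 10.1.0.140, the once-only host 10.1.0.200 and the unrelated 106023 line are constructed sample data.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Message body as shown in the post, with an optional "Mon DD YYYY HH:MM:SS host"
# syslog prefix (constructed) in front of it.  Interfaces, addresses and ports
# are captured separately; the PIX and ASA forms of the message ID both match.
MSG_RE = re.compile(
    r"(?:(?P<ts>\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) \S+ )?"
    r"%(?:PIX|ASA)-4-419002: Duplicate TCP SYN from "
    r"(?P<src_ifc>[\w-]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) to "
    r"(?P<dst_ifc>[\w-]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) "
    r"with different initial sequence number"
)

def parse_419002(line):
    """Fields of one 419002 line, or None if the line is some other message."""
    m = MSG_RE.search(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["src_port"], ev["dst_port"] = int(ev["src_port"]), int(ev["dst_port"])
    ev["ts"] = datetime.strptime(ev["ts"], "%b %d %Y %H:%M:%S") if ev["ts"] else None
    return ev

def rate_per_minute(lines):
    """Count 419002 events per (src_ip, dst_ip, dst_port) per calendar minute."""
    counts = defaultdict(Counter)
    for ev in map(parse_419002, lines):
        if ev and ev["ts"]:
            flow = (ev["src_ip"], ev["dst_ip"], ev["dst_port"])
            counts[flow][ev["ts"].strftime("%Y-%m-%d %H:%M")] += 1
    return counts

def noisy_flows(lines, threshold=5):
    """Flows that log more than `threshold` duplicate SYNs in a single minute."""
    return sorted(flow for flow, per_min in rate_per_minute(lines).items()
                  if max(per_min.values()) > threshold)

# Constructed sample log: two inside hosts retrying every ~9 s (7 hits/minute),
# one host with a single hit, and an unrelated message that must be ignored.
def _line(sec, src_ip, src_port):
    return (f"May 24 2006 22:10:{sec:02d} fw-hbg %PIX-4-419002: Duplicate TCP SYN "
            f"from inside-HBG:{src_ip}/{src_port} to outside-HBG:10.12.0.10/4606 "
            f"with different initial sequence number")

SAMPLE_LOG = ([_line(s, "10.1.0.133", 1025) for s in range(0, 60, 9)]
              + [_line(s, "10.1.0.140", 1031) for s in range(0, 60, 9)]
              + [_line(30, "10.1.0.200", 2200),
                 "May 24 2006 22:10:31 fw-hbg %PIX-4-106023: Deny tcp src inside-HBG:"
                 "10.1.0.133/1026 dst outside-HBG:10.12.0.10/4606 by access-group acl_in"])

if __name__ == "__main__":
    for flow in noisy_flows(SAMPLE_LOG):
        print("noisy:", flow, dict(rate_per_minute(SAMPLE_LOG)[flow]))
```

A constant source port across all retries (1025 in the post) points at one stuck socket on the PC rather than many processes, which narrows the `netstat -b` search on that host.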
