We help IT Professionals succeed at work.

TCP checksum offload -- how can this be resolved

I am trying to set a custom apache application in my DMZ.  This application needs to speak to another Apache Tomcat application server in my internal network w/ then that server talks to a SQL 2005 database server.

We are having issues with the communications between the Web server in the DMZ to the Application Server w/n the internal network

After running a Wireshark live scan on it, I saw multiple drops of mutliple ports showing the same error message -- "Checksum: (e.g. 0xc1e3) [incorrect, should be "(e.g. 0x17cd)" (maybe caused by "TCP checksum offload")

Does anyone have any suggestions on how we can clean this up so our communication between the Web server in the DMZ, through our ASA firewall to our Application server w/n our network can be smooth.  

Thanks in advance for the help.  

Ryan J. Boyle
Watch Question

I don't think the checksum errors were necessarily drops.  It's common to see these with Wireshark.  Go to section 7.8.2 at http://www.wireshark.org/docs/wsug_html_chunked/ChAdvChecksums.html , it explains it further.

If you don't want to see them, either turn off the checksum offloading in the network driver or turn off checksum validation of the specific protocol in the Wireshark preferences.

Can you better define "communication issues"?  What ports are involved, etc.