Solved

Excessive tcp resends from my ASA

Posted on 2016-10-08
7
98 Views
Last Modified: 2016-11-27
I'm seeing an inordinate amount of tcp denies in my ASA that are not attributable to my access lists.  The logging is over 90% tcp deny with mostly PSH ACK and some ACK and very seldomly FIN.
There doesn't appear to be a network performance degradation, but I am concerned that there is an issue, plus it is filling up my syslog server more rapidly.
I will send a sample log output soon, but I am looking for ASA experts and tcp transaction experts to help me find out what is going on.
Thank you.
0
Comment
Question by:Ted James
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 

Author Comment

by:Ted James
ID: 41835940
Enclosed is a sample log output.  Any Cisco ASA experts out there that could decipher the many tcp deny logs entries (more than usual compared to other ASAs we have)?
logs.docx
0
 
LVL 62

Expert Comment

by:gheist
ID: 41836032
Can you post plain-text log and attach sample pcap file of tcp retries actually happening?
0
 

Author Comment

by:Ted James
ID: 41842342
Unfortunately I don't have capability to do a pcap on that network.  I am relying on logs from ASA only.

Can you tell me in general what is the cause for something like this?
0
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

 
LVL 62

Expert Comment

by:gheist
ID: 41842617
Any TCP stack do resends not receiving acks on time.
For experiment disable SACK/FACK/DACK if linux is there, that should make it more latency sensitive but make more acks and less resends.
0
 

Author Comment

by:Ted James
ID: 41865521
Sorry I have been out of commission for a while.
Does the fact that my ASA is in "transparent" mode that could have an affect on this?
0
 
LVL 62

Accepted Solution

by:
gheist earned 500 total points
ID: 41871316
There is some small resends expected under normal network conditions. You need to capture per-connection to see where they come from.
0
 

Author Closing Comment

by:Ted James
ID: 41903591
Thank you!
0

Featured Post

Ready to trade in that old firewall?

Whether you need to trade-up to a shiny new Firebox or just ready to upgrade from whatever appliance you're using now, WatchGuard has the right appliance for you! Find your perfect Firebox today with appliance sizing tool!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question