Solved

Excessive tcp resends from my ASA

Posted on 2016-10-08
7
66 Views
Last Modified: 2016-11-27
I'm seeing an inordinate amount of tcp denies in my ASA that are not attributable to my access lists.  The logging is over 90% tcp deny with mostly PSH ACK and some ACK and very seldomly FIN.
There doesn't appear to be a network performance degradation, but I am concerned that there is an issue, plus it is filling up my syslog server more rapidly.
I will send a sample log output soon, but I am looking for ASA experts and tcp transaction experts to help me find out what is going on.
Thank you.
0
Comment
Question by:Ted James
  • 4
  • 3
7 Comments
 

Author Comment

by:Ted James
ID: 41835940
Enclosed is a sample log output.  Any Cisco ASA experts out there that could decipher the many tcp deny logs entries (more than usual compared to other ASAs we have)?
logs.docx
0
 
LVL 62

Expert Comment

by:gheist
ID: 41836032
Can you post plain-text log and attach sample pcap file of tcp retries actually happening?
0
 

Author Comment

by:Ted James
ID: 41842342
Unfortunately I don't have capability to do a pcap on that network.  I am relying on logs from ASA only.

Can you tell me in general what is the cause for something like this?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 62

Expert Comment

by:gheist
ID: 41842617
Any TCP stack do resends not receiving acks on time.
For experiment disable SACK/FACK/DACK if linux is there, that should make it more latency sensitive but make more acks and less resends.
0
 

Author Comment

by:Ted James
ID: 41865521
Sorry I have been out of commission for a while.
Does the fact that my ASA is in "transparent" mode that could have an affect on this?
0
 
LVL 62

Accepted Solution

by:
gheist earned 500 total points
ID: 41871316
There is some small resends expected under normal network conditions. You need to capture per-connection to see where they come from.
0
 

Author Closing Comment

by:Ted James
ID: 41903591
Thank you!
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
IP address incorrect 8 79
Pfsense - and other email Servers 8 36
CISCO Smartnet agreement 5 34
Remote Desktop Support Tools Like "Go to MY PC", etc 10 27
This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question