  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 115

Excessive tcp resends from my ASA

I'm seeing an inordinate amount of TCP denies in my ASA that are not attributable to my access lists.  The logging is over 90% TCP deny with mostly PSH ACK and some ACK and very seldom FIN.
There doesn't appear to be a network performance degradation, but I am concerned that there is an issue, plus it is filling up my syslog server more rapidly.
I will send a sample log output soon, but I am looking for ASA experts and tcp transaction experts to help me find out what is going on.
Thank you.
Asked:
Ted James
Ted James (Author) commented:
Enclosed is a sample log output.  Any Cisco ASA experts out there that could decipher the many TCP deny log entries (more than usual compared to other ASAs we have)?
logs.docx
0
 
gheist commented:
Can you post a plain-text log and attach a sample pcap file of the TCP retries actually happening?
0
 
Ted James (Author) commented:
Unfortunately I don't have the capability to do a pcap on that network.  I am relying on logs from the ASA only.

Can you tell me in general what is the cause for something like this?
0
 
gheist commented:
Any TCP stack does resends when not receiving ACKs on time.
As an experiment, disable SACK/FACK/DACK if Linux is there; that should make it more latency sensitive but produce more ACKs and fewer resends.
0
 
Ted James (Author) commented:
Sorry I have been out of commission for a while.
Could the fact that my ASA is in "transparent" mode have an effect on this?
0
 
gheist commented:
Some small number of resends is expected under normal network conditions. You need to capture per-connection to see where they come from.
0
 
Ted James (Author) commented:
Thank you!
0
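
When no pcap is possible, the ASA syslog itself can be grouped per connection to see which flows produce the denies. The script below is an added example, not part of the original thread. It assumes the entries are the ASA's 106015 "Deny TCP (no connection)" messages (the attached log is not shown on the page), and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE = """\
%ASA-6-106015: Deny TCP (no connection) from 192.0.2.10/51514 to 198.51.100.5/443 flags PSH ACK  on interface inside
%ASA-6-106015: Deny TCP (no connection) from 192.0.2.10/51514 to 198.51.100.5/443 flags PSH ACK  on interface inside
%ASA-6-106015: Deny TCP (no connection) from 192.0.2.10/51514 to 198.51.100.5/443 flags ACK  on interface inside
%ASA-6-302014: Teardown TCP connection 1234 for outside:198.51.100.5/443 to inside:192.0.2.10/51514 duration 0:01:00 bytes 5120 TCP FINs
%ASA-6-106015: Deny TCP (no connection) from 198.51.100.7/80 to 192.0.2.22/40112 flags FIN ACK  on interface outside
%ASA-6-106015: Deny TCP (no connection) from 192.0.2.31/49822 to 198.51.100.5/443 flags PSH ACK  on interface inside
"""

# Assumed message layout: 106015 "Deny TCP (no connection)" with a flags field.
DENY = re.compile(
    r"%ASA-\d-106015: Deny TCP \(no connection\) from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"flags (?P<flags>[A-Z ]+?)\s+on interface (?P<ifc>\S+)"
)

def summarize(text):
    """Count denies per connection 5-tuple (with interface) and per flag set."""
    per_conn, per_flags = Counter(), Counter()
    for line in text.splitlines():
        m = DENY.search(line)
        if not m:
            continue  # other message IDs (e.g. teardowns) are ignored here
        conn = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["ifc"])
        per_conn[conn] += 1
        per_flags[m["flags"].strip()] += 1
    return per_conn, per_flags

if __name__ == "__main__":
    conns, flags = summarize(SAMPLE)
    total = sum(flags.values())
    print("Denies by TCP flags:")
    for f, n in flags.most_common():
        print(f"  {f:<8} {n:>4}  ({100 * n / total:.0f}%)")
    print("Top connections:")
    for (src, sport, dst, dport, ifc), n in conns.most_common(5):
        print(f"  {n:>4}  {src}:{sport} -> {dst}:{dport} on {ifc}")
```
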
