Solved

Excessive tcp resends from my ASA

Posted on 2016-10-08
7
74 Views
Last Modified: 2016-11-27
I'm seeing an inordinate amount of tcp denies in my ASA that are not attributable to my access lists.  The logging is over 90% tcp deny with mostly PSH ACK and some ACK and very seldomly FIN.
There doesn't appear to be a network performance degradation, but I am concerned that there is an issue, plus it is filling up my syslog server more rapidly.
I will send a sample log output soon, but I am looking for ASA experts and tcp transaction experts to help me find out what is going on.
Thank you.
0
Comment
Question by:Ted James
  • 4
  • 3
7 Comments
 

Author Comment

by:Ted James
ID: 41835940
Enclosed is a sample log output.  Any Cisco ASA experts out there that could decipher the many tcp deny logs entries (more than usual compared to other ASAs we have)?
logs.docx
0
 
LVL 62

Expert Comment

by:gheist
ID: 41836032
Can you post plain-text log and attach sample pcap file of tcp retries actually happening?
0
 

Author Comment

by:Ted James
ID: 41842342
Unfortunately I don't have capability to do a pcap on that network.  I am relying on logs from ASA only.

Can you tell me in general what is the cause for something like this?
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 62

Expert Comment

by:gheist
ID: 41842617
Any TCP stack do resends not receiving acks on time.
For experiment disable SACK/FACK/DACK if linux is there, that should make it more latency sensitive but make more acks and less resends.
0
 

Author Comment

by:Ted James
ID: 41865521
Sorry I have been out of commission for a while.
Does the fact that my ASA is in "transparent" mode that could have an affect on this?
0
 
LVL 62

Accepted Solution

by:
gheist earned 500 total points
ID: 41871316
There is some small resends expected under normal network conditions. You need to capture per-connection to see where they come from.
0
 

Author Closing Comment

by:Ted James
ID: 41903591
Thank you!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Stuck in INIT/DROTHER 2 52
Palo Alto Networks - find the sec zone 3 65
Use multiple VLANs on the same interface on a Cisco 877 4 47
Changing VLAN information 3 16
Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question