Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Lucifer
Explorer

First packet isn't SYN; TCP flags RST-ACK

Hello,

Today i saw a issue where user traffic was intermittently getting dropped with error "First packet isn't SYN; TCP flags RST-ACK" where sometimes it is being accepted.

This is traffic between two servers where our firewall comes in between. user mentioned that the issue was being faced from past 6 months.

The traffic is being passed through a DC firewall.

Can i have some suggestions here to solve user issue.

 Thanks.

0 Kudos
4 Replies
_Val_
Admin
Admin

Check you are using the latest Jumbo HFA. If this is the case, open a TAC request

0 Kudos
Lucifer
Explorer

Thanks for your reply. Here the issue is not with whole device. It is only for a particular Source to Destination servers.

0 Kudos
Jones
Participant

Did you find the root cause and a solution of this issue?

0 Kudos
Bob_Zimmerman
Advisor

Accepts with "First packet isn't SYN. TCP flags: RST-ACK" interspersed are almost always caused by a problem further along the path. Specifically, it happens when the client sends a SYN, doesn't get a SYN-ACK, and its TCP connection timeout is longer than the firewall's. The firewall doesn't see a SYN-ACK, so it closes the half-open connection after a few seconds (I think 30 by default? Maybe 60?). After a longer timeout, the client eventually gives up and sends a RST-ACK.

0 Kudos