[c-nsp] Bad TCP Hdr ASA syslog message

David White, Jr. (dwhitejr) dwhitejr at cisco.com
Mon Oct 24 14:16:24 EDT 2011


Because the TCP header check occurs before the L3 interface ACL.

You can verify this by taking a packet capture from this source with the
'trace' option.  Once the problem packet is captured, view the
packet-tracer information on it to see the actions taken on the packet.

Sincerely,

David.

Scott Voll wrote:
> I'm getting syslogs from my ASA:
>
> 10/24/2011 11:01 AM :   %ASA-5-500003: Bad TCP hdr length (hdrlen=24,
> pktlen=58) from 110.75.27.14/80 to x.y.z.a/23597, flags: SYN ACK , on
> interface Outside
>
> Since I have this block from China as my first deny statement, why do I
> still get these syslogs?
>
> Thanks
>
> Scott
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
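
Since, per the reply above, the interface ACL is evaluated after the TCP header check and so does not suppress these messages, one way to triage them is to parse the 500003 lines and count them per source. This is an added example, not part of the original thread; the function names are hypothetical and the second and third sample lines are constructed using documentation addresses.

```python
import re
from collections import Counter

# Field layout follows the %ASA-5-500003 line quoted in the post.
BAD_TCP_HDR = re.compile(
    r"%ASA-5-500003: Bad TCP hdr length "
    r"\(hdrlen=(?P<hdrlen>\d+), pktlen=(?P<pktlen>\d+)\) "
    r"from (?P<src>[^/\s]+)/(?P<sport>\d+) "
    r"to (?P<dst>[^/\s]+)/(?P<dport>\d+), "
    r"flags: (?P<flags>[^,]*?)\s*, on interface (?P<ifc>\S+)"
)

def parse_bad_tcp_hdr(text):
    """Return one dict per 500003 message, tolerating mail quoting and line wraps."""
    unquoted = (re.sub(r"^\s*(>\s?)+", "", line) for line in text.splitlines())
    flat = re.sub(r"\s+", " ", " ".join(unquoted))
    events = []
    for m in BAD_TCP_HDR.finditer(flat):
        ev = m.groupdict()
        for key in ("hdrlen", "pktlen", "sport", "dport"):
            ev[key] = int(ev[key])
        ev["flags"] = ev["flags"].split()
        events.append(ev)
    return events

def top_sources(events):
    """Count messages per (source address, ingress interface)."""
    return Counter((ev["src"], ev["ifc"]) for ev in events)

# First entry is the message from the post (wrapped and quoted as mailed);
# the other two are constructed samples using documentation addresses.
SAMPLE = """\
> 10/24/2011 11:01 AM :   %ASA-5-500003: Bad TCP hdr length (hdrlen=24,
> pktlen=58) from 110.75.27.14/80 to x.y.z.a/23597, flags: SYN ACK , on
> interface Outside
10/24/2011 11:02 AM : %ASA-5-500003: Bad TCP hdr length (hdrlen=24, pktlen=58) from 110.75.27.14/80 to 192.0.2.10/23598, flags: SYN ACK , on interface Outside
10/24/2011 11:03 AM : %ASA-5-500003: Bad TCP hdr length (hdrlen=28, pktlen=60) from 198.51.100.7/443 to 192.0.2.10/40112, flags: ACK , on interface Outside
"""

if __name__ == "__main__":
    for (src, ifc), n in top_sources(parse_bad_tcp_hdr(SAMPLE)).most_common():
        print(f"{n:3d}  {src:<15}  {ifc}")
```

The busiest source in the summary is the natural candidate for the packet capture with the 'trace' option that the reply recommends.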