[c-nsp] Bad TCP Hdr ASA syslog message
David White, Jr. (dwhitejr)
dwhitejr at cisco.com
Mon Oct 24 14:16:24 EDT 2011
Because the TCP header check occurs before the L3 interface ACL.
You can verify this by taking a packet capture from this source with the
'trace' option. Once the problem packet is captured, view the
packet-tracer information on it to see the actions taken on the packet.
Sincerely,
David.
Scott Voll wrote:
> I'm getting syslogs from my ASA:
>
> 10/24/2011 11:01 AM : %ASA-5-500003: Bad TCP hdr length (hdrlen=24,
> pktlen=58) from 110.75.27.14/80 to x.y.z.a/23597, flags: SYN ACK , on
> interface Outside
>
> Since I have this Block from China as my first deny statement, Why do I
> still get these Syslogs?
>
> Thanks
>
> Scott
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
More information about the cisco-nsp
mailing list