Packet dropped, Tcp seq check failed



  • I am troubleshooting a NetScreen to NetScreen packet routing issue where one of the netscreens is dropping a packet with this message:

    ****** packet decapsulated, type=ipsec, len=56******
      ipid = 28750(704e), @05f64a64
      ethernet0/2:10.36.18.119/443->10.91.0.11/3333,6 <root>existing session found. sess token 4
      flow got session.
      flow session id 52158
      flow_main_body_vector in ifp ethernet0/2 out ifp N/A
      flow vector index 0x107, vector addr 0x3f29334, orig vector 0x3f29334
      adjust bi-directional vpn tcp mss.
      tcp seq check.
      packet dropped, Tcp seq check failed
      **** pak processing end.

    When I check the NetScreen configuration on both sides, I can see that TCP Sequence Checking has been disabled:

    get config | inc seq
    unset flow no-tcp-seq-check

    get config | inc syn
    unset flow tcp-syn-check

    Is there another hidden setting I need to change to get the packet to pass?

    Thanks!</root>


 

32
Online

38.4k
Users

12.7k
Topics

44.5k
Posts