Packet dropped, Tcp seq check failed
rjuniper last edited by
I am troubleshooting a NetScreen to NetScreen packet routing issue where one of the netscreens is dropping a packet with this message:
****** packet decapsulated, type=ipsec, len=56******
ipid = 28750(704e), @05f64a64
ethernet0/2:10.36.18.119/443->10.91.0.11/3333,6 <root>existing session found. sess token 4
flow got session.
flow session id 52158
flow_main_body_vector in ifp ethernet0/2 out ifp N/A
flow vector index 0x107, vector addr 0x3f29334, orig vector 0x3f29334
adjust bi-directional vpn tcp mss.
tcp seq check.
packet dropped, Tcp seq check failed
**** pak processing end.
When I check the NetScreen configuration on both sides, I can see that TCP Sequence Checking has been disabled:
get config | inc seq
unset flow no-tcp-seq-check
get config | inc syn
unset flow tcp-syn-check
Is there another hidden setting I need to change to get the packet to pass?