Sudden connection failures in TCP traffic such as SSH, NFS, CIFS with Cisco ASA firewall

Solution Unverified - Updated -

Issue

  • After a Cisco ASA firmware upgrade, connections are dropped. The Cisco ASA reports a TCP PAWS failure and drops packets:
      33: 19:10:43.774236       802.1Q vlan#123 P0 10.0.0.24:22 > 192.168.0.110:60018: P 299327905:299328005(100) ack 207669419 win 339 <nop,nop,timestamp 2703 2363294310> Drop-reason: (tcp-paws-fail) TCP packet failed PAWS test
  • TCP sessions such as SSH appear to hang, but establishing a new session works again straight away.
  • The NFS client reports "nfs: server not responding", then "nfs: server OK" 10 minutes later.

Environment

  • Red Hat Enterprise Linux
  • Cisco ASA, seen on firmware versions 9.6(2) or 9.1(7)9
  • TCP connections; more likely with long-lived TCP connections such as SSH, NFS, CIFS, etc.
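
To see which flows are affected, the following added example (not part of the original article, and not Cisco or Red Hat code) parses capture lines in the format quoted under Issue, lists the segments dropped with tcp-paws-fail per flow, and notes whether each dropped TSval was older than the last one seen on that flow under the RFC 7323 modulo-2^32 comparison. The sample lines, addresses and function names are constructed for illustration, and the simplified tracking of the most recent TSval is an assumption, not the ASA's implementation.

```python
import re
from collections import defaultdict

# Layout of the ASA capture line quoted under Issue.
LINE = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d\.\d+)\s.*?"
    r"(?P<src>\d+\.\d+\.\d+\.\d+:\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+:\d+):"
    r".*?timestamp (?P<tsval>\d+) (?P<tsecr>\d+)>"
    r"(?: Drop-reason: \((?P<reason>[\w-]+)\))?"
)

# Constructed sample lines (documentation addresses), not real capture data.
SAMPLE = """\
1: 10:00:00.000100 802.1Q vlan#10 P0 192.0.2.10:22 > 198.51.100.7:50000: P 1000:1100(100) ack 1 win 339 <nop,nop,timestamp 5000 900>
2: 10:00:00.000200 802.1Q vlan#10 P0 192.0.2.10:22 > 198.51.100.7:50000: P 1100:1200(100) ack 1 win 339 <nop,nop,timestamp 4000 901> Drop-reason: (tcp-paws-fail) TCP packet failed PAWS test
3: 10:00:01.000000 802.1Q vlan#10 P0 192.0.2.20:2049 > 198.51.100.7:700: P 1:101(100) ack 1 win 339 <nop,nop,timestamp 4294967000 10>
4: 10:00:02.000000 802.1Q vlan#10 P0 192.0.2.20:2049 > 198.51.100.7:700: P 101:201(100) ack 1 win 339 <nop,nop,timestamp 200 11>
"""

def ts_older(tsval, recent):
    """RFC 7323 PAWS comparison: True if tsval precedes recent modulo 2**32."""
    return ((tsval - recent) & 0xFFFFFFFF) >= 0x80000000

def paws_report(capture_text):
    """Map (src, dst) -> tcp-paws-fail drops, each with the previous TSval seen
    on that flow direction and whether the dropped TSval was older than it."""
    recent = {}  # assumption: simplified TS.Recent, one value per direction
    report = defaultdict(list)
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a capture line with a TCP timestamp option
        flow, tsval = (m["src"], m["dst"]), int(m["tsval"])
        prev = recent.get(flow)
        stale = prev is not None and ts_older(tsval, prev)
        if m["reason"] == "tcp-paws-fail":
            report[flow].append(
                {"time": m["time"], "tsval": tsval, "prev": prev, "stale": stale})
        elif not stale:
            recent[flow] = tsval  # only accepted, newer values advance it
    return dict(report)

if __name__ == "__main__":
    for flow, drops in paws_report(SAMPLE).items():
        print(flow, drops)
```

A drop reported with `prev` set to `None` means the capture holds no earlier segment for that flow direction, so the comparison cannot be made from the capture alone.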
