Sudden connection failures in TCP traffic such as SSH, NFS, CIFS with Cisco ASA firewall
Issue
- After a Cisco ASA firmware upgrade, connections are dropped. The Cisco ASA reports a TCP PAWS failure and drops packets:
33: 19:10:43.774236 802.1Q vlan#123 P0 10.0.0.24:22 > 192.168.0.110:60018: P 299327905:299328005(100) ack 207669419 win 339 <nop,nop,timestamp 2703 2363294310> Drop-reason: (tcp-paws-fail) TCP packet failed PAWS test
- TCP sessions like SSH appear to hang, but establishing a new session works again straight away
- NFS Client reports "nfs: server not responding" then "nfs: server OK" 10 minutes later
Environment
- Red Hat Enterprise Linux
- Cisco ASA, seen on firmware versions
9.6(2)or9.1(7)9 - TCP connection. More likely with long-lived TCP connection such as SSH, NFS, CIFS, etc
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
