Sudden connection failures in TCP traffic such as SSH, NFS, CIFS with Cisco ASA firewall

Solution Unverified - Updated -

Issue

  • After a Cisco ASA firmware upgrade, connections are dropped. The Cisco ASA reports a TCP PAWS failure and drops packets:
33: 19:10:43.774236       802.1Q vlan#123 P0 10.0.0.24:22 > 192.168.0.110:60018: P 299327905:299328005(100) ack 207669419 win 339 <nop,nop,timestamp 2703 2363294310> Drop-reason: (tcp-paws-fail) TCP packet failed PAWS test
  • TCP sessions like SSH appear to hang, but establishing a new session works again straight away
  • NFS Client reports "nfs: server not responding" then "nfs: server OK" 10 minutes later

Environment

  • Red Hat Enterprise Linux
  • Cisco ASA, seen on firmware versions 9.6(2) or 9.1(7)9
  • TCP connection. More likely with long-lived TCP connection such as SSH, NFS, CIFS, etc

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.