Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Established Connections Increase Dramatically

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> SecureNAT Client >> Established Connections Increase Dramatically Page: [1]
Login
Message << Older Topic   Newer Topic >>
Established Connections Increase Dramatically - 3.Jul.2007 2:47:16 AM   
daniel.clements

 

Posts: 7
Joined: 17.Jan.2007
Status: offline 		Hi,

We have had an ongoing issue that we thought (until just now) had been resolved.

In short, we publish a number of services through our ISA array (2x ISA2K4 Ent servers) through an NLB cluster.

Our users all NAT to one public IP address before hitting the external interface of the ISA array, and as we all know, NLB takes these connection requests and tunnels them through only one of the two ISA servers. Our usual traffic pattern shows around 2500 to 3000 concurrent connections from this one public IP address.

The problem we are having has just now occurred again. The concurrent connections on ISA blow out from 3000 concurrent connections up to around 7700 connections. These are all from the one public IP address.

The proxy server that the users pass through shows only the standard 3000 connections on their external interface.

There is a definite discrepancy here.

Our ISA logging indicates some errors of the description "0xc0040034 FWX_E_SEQ_ACK_MISMATCH".

The only short term fix available to us is to restart the ISA firewall services and terminate all concurrent TCP connections. This resolves the issue, but as I have said, it is reoccurring.

We have setup a computer set with this public IP address and defined the connection limit as "99999999" to ensure that this is not being reached. No other errors indicate that this is the case.

Has anyone seen this behaviour before?

Any information would be much appreciated.

Cheers,

Dan
Post #: 1
RE: Established Connections Increase Dramatically - 6.Jul.2007 4:50:45 AM   
ashique

 

Posts: 19
Joined: 22.Jun.2007
Status: offline 		Dear,

Description of error : A TCP packet was rejected because it has an invalid sequence number or an invalid acknowledgement number

Pls refer : http://www.microsoft.com/technet/isa/2006/Logging_Reference.mspx

This might be flooding of external network  to your real ip. Pls check with Packet Sniffer for this.

_____________________________

Regards,

JenBogo

(in reply to daniel.clements)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> SecureNAT Client >> Established Connections Increase Dramatically Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts