Author Topic: packet dropped, Tcp seq check failed  (Read 489 times)

rjuniper

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
packet dropped, Tcp seq check failed
« on: March 14, 2017, 11:33:40 am »
I am troubleshooting a NetScreen to NetScreen packet routing issue where one of the netscreens is dropping a packet with this message:

****** packet decapsulated, type=ipsec, len=56******
  ipid = 28750(704e), @05f64a64
  ethernet0/2:10.36.18.119/443->10.91.0.11/3333,6<Root>
  existing session found. sess token 4
  flow got session.
  flow session id 52158
  flow_main_body_vector in ifp ethernet0/2 out ifp N/A
  flow vector index 0x107, vector addr 0x3f29334, orig vector 0x3f29334
  adjust bi-directional vpn tcp mss.
  tcp seq check.
  packet dropped, Tcp seq check failed
  **** pak processing end.


When I check the NetScreen configuration on both sides, I can see that TCP Sequence Checking has been disabled:

get config | inc seq
unset flow no-tcp-seq-check

get config | inc syn
unset flow tcp-syn-check


Is there another hidden setting I need to change to get the packet to pass?

Thanks!