Because the TCP header check occurs before the L3 interface ACL. You can verify this by taking a packet capture from this source with the 'trace' option. Once the problem packet is captured, view the packet-tracer information on it to see the actions taken on the packet.
Sincerely,

David.

Scott Voll wrote:
> I'm getting syslogs from my ASA:
>
> 10/24/2011 11:01 AM : %ASA-5-500003: Bad TCP hdr length (hdrlen=24, pktlen=58) from 110.75.27.14/80 to x.y.z.a/23597, flags: SYN ACK , on interface Outside
>
> Since I have this Block from China as my first deny statement, Why do I
> still get these Syslogs?
>
> Thanks
>
> Scott
> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
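The verification described in the reply above, written out as an ASA CLI session. This is an added example, not part of the original thread: the capture name `badtcp` and the packet number `1` are assumptions, while the interface name and source address are taken from the syslog line in the question.

```cisco
! Capture traffic from the source named in the syslog and record
! packet-tracer data for each captured packet ("trace" keyword).
! "badtcp" is a hypothetical capture name.
capture badtcp interface Outside trace match tcp host 110.75.27.14 any

! List the captured packets and note the number of the SYN ACK
! that lines up with the %ASA-5-500003 timestamp.
show capture badtcp

! Show the phases the ASA applied to that packet. Packet number 1 is a
! placeholder; use the number found in the previous step. The output
! shows at which phase the packet was dropped relative to the
! interface ACL lookup.
show capture badtcp packet-number 1 trace

! Remove the capture when finished so it stops consuming buffer memory.
no capture badtcp
```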
