What does this message mean?
Acknowledgment number: Broken TCP. The acknowledge field is nonzero while the ACK flag is not set
I see the client attempt to send this after the TCP connection has been torn down by FIN/ACK, ACK+FIN/ACK, ACK. Our firewall blocks the RST packet sent (with the above "broken tcp" message) because at that point the session has already been removed from the firewall because of the four-way FIN teardown.
asked 28 Mar '11, 13:55
Basically the message says that whenever a TCP packet does not have the ACK flag set, the acknowledge field must be zero and this packet does not comply with that rule.
The reason that you see this message is that the other side has closed its session (on the Firewall, Loadbalancer or end system) before the last packet comes in, resulting in the RST packet. However, the generation of the RST packet is not valid as the ACK flag is not set and the acknowledge field is non-zero.
answered 28 Mar '11, 15:55
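The rule described in the answer above, written out as a check over raw TCP headers. This is an added example, not part of the original thread and not Wireshark's own code; the helper names, ports and sequence numbers are constructed for illustration.

```python
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
NAMES = [(FIN, "FIN"), (SYN, "SYN"), (RST, "RST"), (PSH, "PSH"), (ACK, "ACK")]

def build_segment(seq, ack, flags, sport=49152, dport=443):
    """Build a 20-byte TCP header (constructed sample data, checksum left at 0)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, 8192, 0, 0)

def parse_tcp_header(segment):
    """Extract sequence number, acknowledgment number and flags from a raw header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    _sp, _dp, seq, ack, off_flags, _win, _csum, _urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid data offset")
    return {"seq": seq, "ack": ack, "flags": off_flags & 0x1FF}

def flag_names(flags):
    return "|".join(name for bit, name in NAMES if flags & bit)

def ack_field_anomaly(segment):
    """True when the acknowledgment field is nonzero but the ACK flag is clear."""
    h = parse_tcp_header(segment)
    return not (h["flags"] & ACK) and h["ack"] != 0

def report(segments):
    """Return (index, flags, ack) for every segment that breaks the rule."""
    findings = []
    for i, seg in enumerate(segments):
        if ack_field_anomaly(seg):
            h = parse_tcp_header(seg)
            findings.append((i, flag_names(h["flags"]), h["ack"]))
    return findings

# Constructed teardown followed by a late reset, as in the question.
SAMPLES = [
    build_segment(1000, 5001, FIN | ACK),  # normal close
    build_segment(1001, 5002, ACK),        # final ACK of the teardown
    build_segment(1001, 5002, RST),        # RST only, ack field still set: flagged
    build_segment(1001, 5002, RST | ACK),  # ACK flag set, so a nonzero ack is fine
    build_segment(1001, 0, RST),           # RST only with zero ack field: fine
]

if __name__ == "__main__":
    for idx, flags, ack in report(SAMPLES):
        print(f"segment {idx}: flags={flags} ack={ack} (nonzero ack, ACK flag not set)")
```

Run over a capture's TCP headers, the same check separates resets that carry a stale acknowledgment number from those that are well formed.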
Which side of the firewall did you trace at? Between the client and the firewall or between the firewall and the server? If the server is sending the FIN and you traced between the server and the firewall then it is the server that is causing the client to be kicked out. Everything after the FIN is almost moot, right?
answered 30 Mar '11, 07:56
I ran into this problem with an ASA firewall, Windows Server 2000, and a VPN connection which wouldn't establish a connection. When running traces I got the same error. I uninstalled the VPN software and re-installed it, including re-importing the certificate, and the problem resolved.
answered 19 May '11, 05:25