Packet Capture shows: Packet dropped - Connection Cache Add Failed

Description

A packet capture shows a dropped packet with the following drop code:

Drop Code: Connection Cache Add Failed (or any type of Cache drop packet)

Cause

This can happen when one side of a TCP connection either ends (FIN) the connection or resets it (RST). The SonicWall keeps track of the state of the TCP connection and once it sees either of these two packets, it closes the socket. All subsequent packets sent on the same socket will be dropped because they are invalid (they reference a connection that no longer exists).
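A simplified model of this state tracking, added here as an example (it is not SonicWall code and not part of the original article): it walks a constructed packet list and reports the frames sent on a flow after it was torn down. The `Pkt` fields, flag strings and addresses are assumptions, and the model treats a flow as closed on RST or once both sides have sent FIN.

```python
from typing import NamedTuple

class Pkt(NamedTuple):
    n: int        # frame number in the capture
    src: str      # "ip:port" of the sender
    dst: str      # "ip:port" of the receiver
    flags: str    # TCP flags: S, SA, A, PA, FA, R, RA ...
    length: int   # TCP payload bytes

def find_post_close_packets(packets):
    """Return frame numbers of packets sent on a flow after it was closed."""
    fins = {}     # flow -> endpoints that have sent FIN
    closed = {}   # closed flow -> bare ACKs still expected (1 after FIN/FIN, 0 after RST)
    stale = []
    for p in packets:
        flow = frozenset((p.src, p.dst))
        if flow in closed:
            if "S" in p.flags and "A" not in p.flags:
                del closed[flow]              # a new SYN legitimately reuses the tuple
                fins.pop(flow, None)
            elif p.flags == "A" and p.length == 0 and closed[flow] > 0:
                closed[flow] -= 1             # final ACK of the FIN handshake
                continue
            else:
                stale.append(p.n)             # references a connection that is gone
                continue
        if "R" in p.flags:
            closed[flow] = 0
        elif "F" in p.flags:
            fins.setdefault(flow, set()).add(p.src)
            if len(fins[flow]) == 2:
                closed[flow] = 1
    return stale

# Constructed sample capture (addresses and ports are made up for the example).
C1, C2, SRV = "10.0.1.10:51000", "10.0.1.11:51001", "10.0.2.20:445"
CAPTURE = [
    Pkt(1, C1, SRV, "S", 0), Pkt(2, SRV, C1, "SA", 0), Pkt(3, C1, SRV, "A", 0),
    Pkt(4, C1, SRV, "PA", 120), Pkt(5, SRV, C1, "RA", 0),     # server resets
    Pkt(6, C1, SRV, "PA", 120), Pkt(7, C1, SRV, "A", 0),      # sent after the RST
    Pkt(8, C2, SRV, "FA", 0), Pkt(9, SRV, C2, "A", 0),        # orderly close
    Pkt(10, SRV, C2, "FA", 0), Pkt(11, C2, SRV, "A", 0),
    Pkt(12, C2, SRV, "PA", 64),                               # late data after close
    Pkt(13, C1, SRV, "S", 0), Pkt(14, SRV, C1, "SA", 0),      # new connection, same tuple
]

if __name__ == "__main__":
    print(find_post_close_packets(CAPTURE))
```

Frames reported here are the ones to correlate with the drop entries in the firewall's capture; the frame just before each group identifies which side sent the FIN or RST.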

Resolution

In a Site to Site VPN context, to avoid these types of dropped packets it is strongly recommended to use public IP addresses on the WAN interfaces of both sides of the VPN.

In some network environments, a double NAT can cause issues with packet transmission and, as a consequence, dropped packets.
