On 26 Mar 2001, at 13:52, Pieckiel, Kevin A wrote:
> I have a PIX 520 and my inbound users (who ftp data from us) keep
> complaining about their connections getting timeout errors. I've turned on
> debugging in the logs and I see a multitude of teardown events as such:
>
> Mar 23 11:02:11 firewall Mar 23 2001 10:53:45: %PIX-6-302002: Teardown TCP
> connection 491419 faddr x.x.x.x/45972 gaddr y.y.y.y/21 laddr z.z.z.z/21
> duration 0:29:36 bytes 190361 (TCP Reset-O)

Last time I saw these on my PIX 515 it was because I had 2 static mappings
to the same private address by accident. The PIX was fine until a request
came in on the second mapping, which would cause the first mapping to be
discarded, and only a restart of the PIX could get it going again. I finally went
through the PIX config line by line and found this double mapping and
removed the extra one (well, mapped it to a different private IP) and haven't
had a problem since.

The other reason for TCP Reset-O could be the TCP/IP driver sending a reset
packet or an IDS tool on the network (such as Snort) sending the reset in
response to a false positive on a rule check against a packet of data, but I'd
look into the double static mapping possibility first.

Dan
---
D.C. Crichton email: [EMAIL PROTECTED]
Senior Systems Analyst tel: +44 (0)121 706 6000
Computer Manuals Ltd. fax: +44 (0)121 606 0477
Computer book info on the web:
http://computer-manuals.co.uk/
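
The line-by-line config review described in the reply above can be automated. The following is an added example, not part of the original message or any Cisco tooling: it assumes the pre-7.0 address-form syntax `static (internal_if,external_if) global_ip local_ip ...`, the function name `find_duplicate_statics` is hypothetical, and the sample config is constructed.

```python
import re
from collections import defaultdict

# Address-form static only: static (internal_if,external_if) global_ip local_ip [...]
# Port-redirection statics (tcp/udp keyword) and "interface" globals do not match
# and are skipped, since several of those may legitimately share one local host.
STATIC_RE = re.compile(
    r"^static\s+\((?P<inside>[^,\s]+)\s*,\s*(?P<outside>[^)\s]+)\)\s+"
    r"(?P<global>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<local>\d{1,3}(?:\.\d{1,3}){3})\b"
)

def find_duplicate_statics(config_text):
    """Return {((inside_if, outside_if), local_ip): [(line_no, line), ...]}
    for every local address that appears in more than one static."""
    by_local = defaultdict(list)
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        m = STATIC_RE.match(line)
        if not m:
            continue
        # Assumption: the same local IP on a different interface pair is
        # intentional, so the interface pair is part of the key.
        key = ((m["inside"], m["outside"]), m["local"])
        by_local[key].append((line_no, line))
    return {k: v for k, v in by_local.items() if len(v) > 1}

# Constructed sample config (documentation and RFC 1918 addresses).
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
static (inside,outside) 192.0.2.10 10.1.1.21 netmask 255.255.255.255 0 0
static (inside,outside) 192.0.2.11 10.1.1.22 netmask 255.255.255.255 0 0
static (inside,outside) 192.0.2.12 10.1.1.21 netmask 255.255.255.255 0 0
conduit permit tcp host 192.0.2.10 eq ftp any
"""

if __name__ == "__main__":
    for (ifaces, local_ip), entries in find_duplicate_statics(SAMPLE_CONFIG).items():
        print(f"{local_ip} has {len(entries)} static mappings on {ifaces}:")
        for line_no, line in entries:
            print(f"  line {line_no}: {line}")
```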