My public IP address changed for my Road Runner connection so I adjusted my access-list and static NAT statements to reflect the change so users could connect to an FTP server on the Inside of my network. After making the changes I'm now getting a log message I've never seen and I was curious if anyone had.
106001: Inbound TCP connection denied from 184.108.40.206/40169 to 220.127.116.11/19999 flags SYN on interface outside
PIX Version 6.3(5)
object-group service FTP_Port tcp
port-object eq 19999
access-list outside permit tcp any host 18.104.22.168 object-group FTP_Port
ip address outside dhcp setroute (My IP is 22.214.171.124)
ip address inside 10.10.10.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
global (outside) 1 interface
nat (inside) 1 10.10.10.0 255.255.255.0 0 0
static (inside,outside) tcp 126.96.36.199 19999 10.10.10.150 ftp netmask 255.255.255.255 0 0
This is what I get from Cisco.
Error Message %PIX-2-106001: Inbound TCP connection denied from IP_address/port to IP_address/port flags tcp_flags on interface interface_name
Explanation: This is a connection-related message. This message occurs when an attempt to connect
to an inside address is denied by your security policy. Possible tcp_flags values correspond to the
flags in the TCP header that were present when the connection was denied. For example, a TCP
packet arrived for which no connection state exists in the PIX Firewall, and it was dropped. The
tcp_flags in this packet are FIN and ACK.
The tcp_flags are as follows:
- ACK: The acknowledgment number was received.
- FIN: Data was sent.
- PSH: The receiver passed data to the application.
- RST: The connection was reset.
- SYN: Sequence numbers were synchronized.
- URG: The urgent pointer was declared.
Recommended Action: None required.
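
Added example, not part of the original post or of Cisco's documentation: a small Python parser for the 106001 message format quoted above. It groups denials by destination and marks those aimed at a service the administrator expects to be reachable, separating them from packets denied for lack of connection state. The `published` set, the labels, and the sample lines (documentation-range addresses) are constructed for illustration.

```python
import re
from collections import Counter

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Pattern follows the message text quoted above; the regex is this example's own.
MSG_106001 = re.compile(
    r"106001: Inbound TCP connection denied from "
    rf"(?P<src_ip>{IP})/(?P<src_port>\d+) to "
    rf"(?P<dst_ip>{IP})/(?P<dst_port>\d+) "
    r"flags (?P<flags>[A-Z ]+?) on interface (?P<iface>\S+)"
)

def parse_106001(line):
    """Return the fields of one 106001 message, or None for other lines."""
    m = MSG_106001.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["src_port"] = int(rec["src_port"])
    rec["dst_port"] = int(rec["dst_port"])
    rec["flags"] = frozenset(rec["flags"].split())
    return rec

def triage(lines, published):
    """Count denials per destination; published = expected (ip, port) pairs."""
    counts, labels = Counter(), {}
    for line in lines:
        rec = parse_106001(line)
        if rec is None:
            continue
        dst = (rec["dst_ip"], rec["dst_port"])
        counts[dst] += 1
        if rec["flags"] != {"SYN"}:
            # Non-SYN packet: no connection state existed, as in Cisco's FIN ACK case
            labels.setdefault(dst, "no connection state")
        elif dst in published:
            labels[dst] = "published service denied: check ACL and static"
        else:
            labels.setdefault(dst, "unpublished destination")
    return {dst: (counts[dst], labels[dst]) for dst in counts}

# Constructed sample log lines (addresses from documentation ranges)
P = "%PIX-2-106001: Inbound TCP connection denied from "
SAMPLE = [
    P + "198.51.100.7/40169 to 192.0.2.10/19999 flags SYN on interface outside",
    P + "198.51.100.7/40170 to 192.0.2.10/19999 flags SYN on interface outside",
    P + "203.0.113.5/51000 to 192.0.2.10/23 flags SYN on interface outside",
    P + "203.0.113.9/80 to 192.0.2.10/33012 flags FIN ACK on interface outside",
    "unrelated syslog line",
]
```

Calling `triage(SAMPLE, {("192.0.2.10", 19999)})` reports the two SYN denials to port 19999 as a published service being refused, which points at the access-list and static entries rather than at the remote clients.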