My public IP address changed for my Road Runner connection so I adjusted my access-list and static NAT statements to reflect the change so users could connect to a FTP server on the Inside of my network. After making the changes I?m now getting a log message I?ve never seen and I was curious if anyone had.

106001: Inbound TCP connection denied from 60.223.142.199/40169 to 23.209.122.20/19999 flags SYN on interface outside

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

My config:

PIX Version 6.3(5)

object-group service FTP_Port tcp

port-object eq 19999

access-list outside permit tcp any host 23.209.122.20 object-group FTP_Port

ip address outside dhcp setroute (My IP is 23.209.122.20)

ip address inside 10.10.10.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

global (outside) 1 interface

nat (inside) 1 10.10.10.0 255.255.255.0 0 0

static (inside,outside) tcp 23.209.122.20 19999 10.10.10.150 ftp netmask 255.255.255.255 0 0

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

This is what I get from Cisco.

Error Message %PIX-2-106001: Inbound TCP connection denied from IP_address/port to

IP_address/port flags tcp_flags on interface interface_name

Explanation: This is a connection-related message. This message occurs when an attempt to connect

to an inside address is denied by your security policy. Possible tcp_flags values correspond to the

flags in the TCP header that were present when the connection was denied. For example, a TCP

packet arrived for which no connection state exists in the PIX Firewall, and it was dropped. The

tcp_flags in this packet are FIN and ACK.

The tcp_flags are as follows:

? ACK?The acknowledgment number was received.

? FIN?Data was sent.

? PSH?The receiver passed data to the application.

? RST?The connection was reset.

? SYN?Sequence numbers were synchronized

? URG?The urgent pointer was declared

Recommended Action None required.