TCP Reset-I

Mar 6th, 2007


I have a host on the inside which is being accessed from the outside. I have a static NAT defined and have the access list configured to permit the out to in traffic.

This is not working, however, and I can see in my syslogs that I am getting TCP Reset-I recorded.

Is this a config mistake on my behalf?

Is this reset coming from the Pix?

Is this reset coming from the inside host?

Thanks, really scratching my head over this one.

suschoud Wed, 03/07/2007 - 06:33

What is the default gateway on the inside server? Please make sure that it's sending the traffic to the inside interface of the firewall.

That's the first step.

If the d.g. is, let's say, the inside interface of the firewall, then we have an issue with the server settings.

Please check and let us know how it goes.



vitripat Wed, 03/07/2007 - 08:21

The default gw must be PIX's inside interface. If the DG was not PIX inside interface, the syslog would show up teardown with flag "SYN Timeout"; the very fact that the connection is being torn down due to "Reset-I" indicates that the server is sending the responses back to PIX. It's not an issue with DG on the server.
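The reasoning in the reply above can be applied to a whole syslog capture. The following is an added example, not code from any poster in this thread: it groups PIX 302014 teardown messages by inside host and maps the dominant teardown reason to the check suggested above. The sample log lines, addresses and hint wording are constructed, and the script assumes the connection's destination is the inside host (inbound traffic).

```python
import re
from collections import Counter

# Constructed sample syslog (not from the thread); addresses are placeholders.
SAMPLE_LOG = """\
Mar 06 2007 10:15:01: %PIX-6-302013: Built inbound TCP connection 1001 for outside:198.51.100.7/40112 (198.51.100.7/40112) to inside:10.1.1.10/80 (203.0.113.10/80)
Mar 06 2007 10:15:01: %PIX-6-302014: Teardown TCP connection 1001 for outside:198.51.100.7/40112 to inside:10.1.1.10/80 duration 0:00:00 bytes 0 TCP Reset-I
Mar 06 2007 10:15:09: %PIX-6-302014: Teardown TCP connection 1002 for outside:198.51.100.7/40113 to inside:10.1.1.10/80 duration 0:00:00 bytes 0 TCP Reset-I
Mar 06 2007 10:16:30: %PIX-6-302014: Teardown TCP connection 1003 for outside:198.51.100.9/51000 to inside:10.1.1.20/25 duration 0:00:30 bytes 0 SYN Timeout
Mar 06 2007 10:17:02: %PIX-6-302014: Teardown TCP connection 1004 for outside:198.51.100.9/51001 to inside:10.1.1.30/443 duration 0:01:12 bytes 5120 TCP FINs
"""

# Message 302014: Teardown TCP connection <id> for <if>:<ip>/<port> to <if>:<ip>/<port> ... <reason>
TEARDOWN = re.compile(
    r"%(?:PIX|ASA)-6-302014: Teardown TCP connection (?P<id>\d+) "
    r"for (?P<src_if>[\w-]+):(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst_if>[\w-]+):(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"duration (?P<dur>[\d:]+) bytes (?P<bytes>\d+)\s*(?P<reason>.*)$"
)

# Hints paraphrase the reply above; the wording is this example's own.
HINTS = {
    "TCP Reset-I": "server's replies reach the PIX; check the service on the host, not its gateway",
    "SYN Timeout": "no reply seen; check the server's default gateway and reachability",
}

def parse_teardowns(log_text):
    """Yield one dict per 302014 teardown line; other messages are skipped."""
    for line in log_text.splitlines():
        m = TEARDOWN.search(line)
        if m:
            rec = m.groupdict()
            # Drop an optional trailing "(user)" field after the reason.
            rec["reason"] = re.sub(r"\s*\(.*\)$", "", rec["reason"]).strip() or "unknown"
            yield rec

def triage(log_text):
    """Return {inside_host_ip: (reason_counts, hint_for_most_common_reason)}."""
    per_host = {}
    for rec in parse_teardowns(log_text):
        per_host.setdefault(rec["dst"], Counter())[rec["reason"]] += 1
    report = {}
    for host, reasons in per_host.items():
        top = reasons.most_common(1)[0][0]
        report[host] = (dict(reasons), HINTS.get(top, "no hint for this reason"))
    return report

if __name__ == "__main__":
    for host, (reasons, hint) in triage(SAMPLE_LOG).items():
        print(host, reasons, "->", hint)
```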



