TCP Reset-I

Unanswered Question
Mar 6th, 2007
Hi,


I have a host on the inside which is being accessed from the outside. I have a static NAT defined and have the access list configured to permit the out to in traffic.


This is not working, however, and I can see in my syslogs that I am getting TCP Reset-I recorded.


Is this a config mistake on my behalf?


Is this reset coming from the Pix?


Is this reset coming from the inside host?


Thanks, really scratching my head over this one.


vitripat Tue, 03/06/2007 - 14:53

This reset is coming from the inside host. The PIX is not sending this RESET. We need to look at the server on the inside for specific settings if something is misconfigured. The following link explains all the flags for the syslog message you are getting:


http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/syslog/logmsgs.htm#wp1280675


Regards,

Vibhor.

suschoud Wed, 03/07/2007 - 06:33

What is the default gateway on the inside server? Please make sure that it's sending the traffic to the inside interface of the firewall.


That's the first step.

If the d.g. is, let's say, the inside interface of the firewall, then we have an issue with the server settings.


Please check and let us know how it goes.


Regards,

Sushil

vitripat Wed, 03/07/2007 - 08:21

The default gw must be the PIX's inside interface. If the DG was not the PIX inside interface, the syslog would show up teardown with flag "SYN Timeout"; the very fact that the connection is being torn down due to "Reset-I" indicates that the server is sending the responses back to the PIX. It's not an issue with the DG on the server.


Regards,

Vibhor.
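
An added example, not part of any post in this thread and not Cisco's code: the Python below tallies TCP teardown reasons per inside host from PIX/ASA syslog lines and attaches the reading of "Reset-I" and "SYN Timeout" given in the replies above. It assumes the lines follow the documented 302014 teardown layout; the `triage` function, the hint text and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed layout: the documented 302014 TCP teardown message (IPv4 only here).
TEARDOWN = re.compile(
    r"%(?:PIX|ASA)-\d-302014: Teardown TCP connection \d+ for "
    r"(?P<a_if>[\w-]+):(?P<a_ip>[\d.]+)/(?P<a_port>\d+) to "
    r"(?P<b_if>[\w-]+):(?P<b_ip>[\d.]+)/(?P<b_port>\d+) "
    r"duration \d+:\d{2}:\d{2} bytes \d+"
    r"(?: (?P<reason>[^(]+?))?(?: \([^)]*\))?\s*$"
)

# Readings of the two teardown reasons as given in the replies above.
HINTS = {
    "TCP Reset-I": "RST sent by the inside host, so its replies reach the firewall: check the server",
    "SYN Timeout": "handshake never completed: check the server's default gateway and return path",
}

# Constructed sample lines (documentation and RFC 1918 addresses), not real logs.
PFX = "Mar 06 2007 14:40:0%d: %%PIX-6-%s"
SAMPLE = [
    PFX % (1, "302014: Teardown TCP connection 1001 for outside:203.0.113.7/51234 "
              "to inside:10.1.1.10/80 duration 0:00:00 bytes 0 TCP Reset-I"),
    PFX % (2, "302014: Teardown TCP connection 1002 for outside:203.0.113.7/51235 "
              "to inside:10.1.1.10/80 duration 0:00:00 bytes 0 TCP Reset-I"),
    PFX % (3, "302014: Teardown TCP connection 1003 for outside:198.51.100.9/40000 "
              "to inside:10.1.1.20/25 duration 0:00:30 bytes 0 SYN Timeout"),
    PFX % (4, "302013: Built inbound TCP connection 1004 for outside:198.51.100.9/40001 "
              "(198.51.100.9/40001) to inside:10.1.1.20/25 (192.0.2.20/25)"),
]

def triage(lines, inside_if="inside"):
    """Return (inside_ip, inside_port, reason, count, hint) rows, most frequent first."""
    counts = Counter()
    for line in lines:
        m = TEARDOWN.search(line)
        if not m:
            continue  # not a TCP teardown record
        for side in ("a", "b"):
            if m[side + "_if"] == inside_if:
                key = (m[side + "_ip"], int(m[side + "_port"]), m["reason"] or "none logged")
                counts[key] += 1
                break
    return [(ip, port, reason, n, HINTS.get(reason, "see the syslog message reference"))
            for (ip, port, reason), n in counts.most_common()]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```
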
