TCP Reset-I

stuart.jones · ‎03-06-2007

Hi,

I have a host on the inside which is being accessed from the outside. I have a static NAT defined and have the access list configured to permit the out to in traffic.

This is not working however and i can see in my syslogs that i am getting TCP Reset-I recorded.

Is this a config mistake on my behalf ?

Is this reset coming from the Pix ?

Is this reset coming from the inside host ?

Thanks, really scratching my head over this one.

vitripat · ‎03-06-2007

This reset is coming from the inside host. PIX is not sending this RESET. We need to look at the server on the inside for specific settings if something is misconfigured. Following link explains all the flags for the syslog message you are getting-

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/syslog/logmsgs.htm#wp1280675

Regards,

Vibhor.

suschoud · ‎03-07-2007

what is the default gateway on the inside server.please make sure that it's sending the traffic to the inside interface of the firewall.

that's the first step.

if the d.g. is ,let's say the inside interafce of the firewall,then we have an issue with the server settings.

please check and let us know how it goes.

Regards,

Sushil

vitripat · ‎03-07-2007

The default gw must be PIXs inside interace. If the DG was not PIX inside interface, the syslog would showup teardown with flag "SYN Timeout", the very fact that connection is being torn doen due to "Reset-I" indicates that server is sending the responses back to PIX. Its not an issue with DG on the server.

Regards,

Vibhor.