We have a webserver hosted on the DMZ.
A static PAT on port 443 results in an intermittent connection (Internet Explorer displays "Page cannot be displayed" immediately, and sometimes it works fine), while a static port redirection from port 444 makes the webserver work fine.
The Static PAT below looks something like this.
Works fine => static (DMZ,outside) tcp 213.X.X.X 444 10.153.122.55 https netmask 255.255.255.255 0
Doesn't work properly. Intermittent drops => static (DMZ,outside) tcp 213.X.X.X https 10.153.122.55 https netmask 255.255.255.255 0
My question is what is it that PIX does for TCP 443 and not for TCP 444? Is there a way to stop the SYN protection on PIX?
The packet capture on PIX/Client/Server shows that the client is sending a RST when PIX is listening on 443. The client completes the TCP handshake properly if PIX is listening on 444. I have tried changing the MTU, changing TCP timeouts, and adding "norandomseq" to the static. Anything I'm missing?
All FIXUP/Inspections have been turned off. The configurations for 443 and 444 are exactly the same.
If I change my firewall from PIX to Microsoft ISA, it works absolutely fine. So I know PIX is the culprit here.
I have a TAC open for this but nothing much happening from there.