ASA - PIX Site-Site VPN problem

Unanswered Question
Mar 10th, 2008
User Badges:

Hi,

We have a site to site IPSec VPN tunnel with a PIX 535 at one end and an ASA on the other. We don't manage the ASA. A user reports that his Remote Desktop session from his PC behind the ASA hangs every couple of minutes. We captured traffic on the client PC, and behind the PIX at this end in front of the server. We saw that the RDP client receives an RST even though no RST is captured on the server side. There is less than a second between the time apparently good traffic is seen and the RST.


We don't know if it is the PIX or the ASA that is generating the RST, effectively ending the session. How can we determine why this is happening and on which device?


thanks

Mike

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
brettmilborrow Mon, 03/10/2008 - 10:01
User Badges:

If you do a debug packet on the inside interface of the PIX with the dst option set to the client address, then attempt the connection again, you should see alot of info in the debug session, but you should be able to fish out the address that sends the rst packet to the client.

sundar.palaniappan Mon, 03/10/2008 - 14:02
User Badges:
  • Green, 3000 points or more

I am just wondering is the IDS/IPS function enabled on PIX or could there a dedicated IDS device in the path that's spoofing the address of the server and sending RST packets back to the client.

Actions

This Discussion