interesting problem with pix 506

Unanswered Question
Apr 22nd, 2008
User Badges:

Hello!


We have the Pix 506 with IOS version 6.3(4)


We publish our inside https web server 10.12.1.50 port 443 to outside address X.X.X.2 port 443

And sometimes the publishing of our inside web server doesn't work.


Log message when publication works normally:

<166>Apr 21 2008 08:14:42: %PIX-6-302013: Built inbound TCP connection 235 for outside:217.195.65.10/52058 (217.195.65.10/52058) to inside:10.12.1.50/443 (x.x.x.2/443)


Log message when publishing doesn't work:

<166>Apr 21 2008 08:09:37: %PIX-6-302013: Built inbound TCP connection 566372 for outside:217.195.65.10/52874 (217.195.65.10/52874) to inside:10.12.1.50/443 (x.x.x.129/443)


Why the address (x.x.x.2/443) was changed to (x.x.x.129/443)? There is no address (x.x.x.129/443) in config file.


And, we can't understand where was error, because it is repaired only after three or four reboots of the pix and the web server.



Can you help me?



I shall be thankful to you for your aid.


Alexander

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
owillins Mon, 04/28/2008 - 09:55
User Badges:
  • Silver, 250 points or more

Better you turn off the fixup protocol and open tcp/20 and test it again.These messages show inbound TCP connections being set up and then torn down with the expiration of the SYN timer timeout. These messages are logged at the informational level.


Actions

This Discussion