SSL truncated / unreassembled packet through firewall

Unanswered Question
May 7th, 2009

Hi,

Facing a problem with server communication. Have attached a diagram of the network, with the communication details also mentioned in it.

Design we cannot change. It's a production setup.

If we bypass the firewall, everything works fine.

But when communication passes through the PIX, communication does not happen.

We did a packet capture (attached those files also; Wireshark or Ethereal is needed to open them).

Eye-catchers in the output (for people who could not open the packet capture):

1. [Unreassembled Packet: SSL]

2. [Packet size limited during capture: SSL truncated]

Firewall config:

nat-control enabled

static (inside,DMZ) 10.0.0.0 10.0.0.0 netmask 255.0.0.0

ACL on DMZ:

access-list DMZ, permit tcp host 10.0.228.202 host 10.0.229.24 eq 12508

access-list test-in permit ip host 10.0.228.202 host 10.0.229.24

access-list test-in permit ip host 10.0.228.202 host 10.0.0.50

capture test-in access-list test-in buffer 100000 interface DMZ

access-list test-out permit ip host 10.0.0.50 host 10.0.228.202

access-list test-out permit ip host 10.0.229.24 host 10.0.228.202

Has anyone faced this kind of issue?

Any ideas or suggestions are welcome.

rajivrajan1 Fri, 05/08/2009 - 00:03

This issue has been resolved by moving the app server to the same segment.

For future reference.
