firewall connection log

Nov 7th, 2009

Would need advice on the attached logs from a connection, obtained by tcpdump on a firewall. is the global IP of ours which is NATed on the device. The private IP for this hosts a website, which is inaccessible. is the internet IP used to check if the site is reachable.

Please suggest what these logs indicate.


Herbert Baerten Mon, 11/09/2009 - 01:00
User Badges:
  • Cisco Employee,

The capture shows the client ( sending a TCP SYN, followed by sending a TCP RST.

This means that either the NAT is not configured properly, or the access-list is not permitting the inbound traffic, or the traffic goes through but the server is not listening to port 443.

Check the syslogs, check the same capture on the inside interface, check if you can connect to the server (on its private IP address) from a client on the inside.

austin522 Tue, 11/10/2009 - 06:14

The logs which are attached in the notepad give me a feeling that when a connection is initiated from to on port 443, the server which is is replying with a RST. This could be the server is not listening on port 443.
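
The checks suggested in the replies above (the same capture on the outside and inside interfaces, then reading who answered the SYN) can be scripted. This is an added example, not part of the original thread: it assumes `tcpdump -n` text output, no source NAT (so the client IP and port are identical on both interfaces), and constructed sample lines using documentation addresses.

```python
import re

# tcpdump -n text line: "<ts> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([A-Z.]+)\]")

def handshake_result(lines, port):
    """Classify the first attempt to `port`: no_syn, no_reply, rst or synack."""
    client = None  # (ip, source port) of the host that sent the SYN
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if client is None:
            if flags == "S" and int(dport) == port:
                client = (src, sport)
            continue
        # Replies go back to the client's ip/port from the service port.
        if (dst, dport) == client and int(sport) == port:
            if "R" in flags:
                return "rst"
            if flags == "S.":
                return "synack"
    return "no_syn" if client is None else "no_reply"

def diagnose(outside, inside, port=443):
    """Combine the outside and inside captures into one finding."""
    out, ins = handshake_result(outside, port), handshake_result(inside, port)
    if out == "no_syn":
        return "SYN never reached the firewall"
    if ins == "no_syn":
        return "firewall did not forward the SYN: check NAT and access-list"
    if ins == "rst":
        return "server reset the connection: likely nothing listening on the port"
    if ins == "synack":
        return "server is listening: handshake answered on the inside"
    return "server did not answer: check server host firewall and routing"

# Constructed sample captures (documentation addresses, not from the thread).
OUTSIDE = [
    "10:00:00.000001 IP 198.51.100.7.51000 > 203.0.113.10.443: Flags [S], seq 100, win 64240, length 0",
    "10:00:00.000900 IP 203.0.113.10.443 > 198.51.100.7.51000: Flags [R.], seq 0, ack 101, win 0, length 0",
]
INSIDE = [
    "10:00:00.000300 IP 198.51.100.7.51000 > 10.0.0.5.443: Flags [S], seq 100, win 64240, length 0",
    "10:00:00.000600 IP 10.0.0.5.443 > 198.51.100.7.51000: Flags [R.], seq 0, ack 101, win 0, length 0",
]
```

Calling `diagnose(OUTSIDE, INSIDE)` on the sample reports the reset from the server; passing an empty inside capture instead points at NAT or the access-list.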

