One of the ISPs I connect to for POP3 mail sends an ACK request from a server with a different IP address than the POP3 server's each time I log on to check email. This causes timeout problems because my PIX doesn't respond. The PIX log entries read, "Deny TCP (no connection) from x.x.x.x/80 to x.x.x.x/1982 flags ACK on interface outside".
I've figured out that the "service resetoutside" command eliminates the timeout problem, but it also makes my system non-stealthy when port scanned. Is there a way I can establish a rule that will cause the PIX to respond to ACK requests from only certain IP addresses?
Thanks for your help,