PIX FTP Reset Issue

Unanswered Question
Sep 25th, 2003
User Badges:

Dear All,



Lot of our remote clients are getting sudden loss of FTP connectivity.

We run a FTP server behind a PIX with 6.2(2).

Looking through the PIX log I am seeing lots of Resets and wondering if

Someone could explain or give some hint of the cause of these reset entries.

Here is an extract of the PIX log:

302014: Teardown TCP connection 74555 for outside:217.169.34.118/2205 to inside:217.169.46.20/3389 duration 0:01:24 byte

s 21375 TCP Reset-I


302014: Teardown TCP connection 74721 for outside:217.169.34.118/4385 to inside:217.169.46.20/20 duration 0:00:01 bytes



302014: Teardown TCP connection 74961 for outside:193.130.58.161/34218 to inside:217.169.46.22/443 duration 0:03:49 byte

s 129208 TCP Reset-O


302014: Teardown TCP connection 74987 for outside:217.169.34.118/4518 to inside:217.169.46.20/21 duration 0:10:09 bytes

664 TCP Reset-I



302014: Teardown TCP connection 75550 for outside:195.167.165.130/3835 to inside:217.169.46.20/20 duration 0:00:01 bytes

2760 TCP Reset-I


02014: Teardown TCP connection 75826 for outside:195.167.165.130/1465 to inside:217.169.46.20/20 duration 0:00:01 bytes

2760 TCP Reset-I


Regards,


Zahid



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
zahid.hassan Thu, 09/25/2003 - 14:51
User Badges:

Jay,


Thanks for your response.

I am still having problem to understand the reasons for TCP Resets both from inside and outside. Is it something thats being caused by the FTP server or the client ? Or is it the PIX wich in causing the resets ?


Any further help would be greatly appreciated.


Zahid

scoclayton Thu, 09/25/2003 - 19:19
User Badges:
  • Gold, 750 points or more

The PIX is not going to RST any connections (unless blocked by an ACL and service resetinbound is config'ed). The syslog messages you picked out are simply telling you that the PIX tore the connections down based on seeing a RST packet from either the server (RST-I) or from the client (RST-O). You would probbaly need to sniff the traffic to get a better idea of what is going on. Hope this helps clarify a bit.


Scott

Actions

This Discussion