cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
451
Views
0
Helpful
4
Replies

PIX FTP Reset Issue

zahid.hassan
Level 1
Level 1

Dear All,

Lot of our remote clients are getting sudden loss of FTP connectivity.

We run a FTP server behind a PIX with 6.2(2).

Looking through the PIX log I am seeing lots of Resets and wondering if

Someone could explain or give some hint of the cause of these reset entries.

Here is an extract of the PIX log:

302014: Teardown TCP connection 74555 for outside:217.169.34.118/2205 to inside:217.169.46.20/3389 duration 0:01:24 byte

s 21375 TCP Reset-I

302014: Teardown TCP connection 74721 for outside:217.169.34.118/4385 to inside:217.169.46.20/20 duration 0:00:01 bytes

302014: Teardown TCP connection 74961 for outside:193.130.58.161/34218 to inside:217.169.46.22/443 duration 0:03:49 byte

s 129208 TCP Reset-O

302014: Teardown TCP connection 74987 for outside:217.169.34.118/4518 to inside:217.169.46.20/21 duration 0:10:09 bytes

664 TCP Reset-I

302014: Teardown TCP connection 75550 for outside:195.167.165.130/3835 to inside:217.169.46.20/20 duration 0:00:01 bytes

2760 TCP Reset-I

02014: Teardown TCP connection 75826 for outside:195.167.165.130/1465 to inside:217.169.46.20/20 duration 0:00:01 bytes

2760 TCP Reset-I

Regards,

Zahid

4 Replies 4

jmia
Level 7
Level 7

Jay,

Thanks for your response.

I am still having problem to understand the reasons for TCP Resets both from inside and outside. Is it something thats being caused by the FTP server or the client ? Or is it the PIX wich in causing the resets ?

Any further help would be greatly appreciated.

Zahid

The PIX is not going to RST any connections (unless blocked by an ACL and service resetinbound is config'ed). The syslog messages you picked out are simply telling you that the PIX tore the connections down based on seeing a RST packet from either the server (RST-I) or from the client (RST-O). You would probbaly need to sniff the traffic to get a better idea of what is going on. Hope this helps clarify a bit.

Scott

Zahid -

Can you try what Scott suggested (use a packet sniffer) to verify were the problems is, the PIX is not re-setting the connection. There's a free/very good sniffer from here: www.ethereal.com

Hope this helps - Thanks, Jay.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: