09-25-2003 02:24 AM - edited 02-20-2020 11:00 PM
Dear All,
Lot of our remote clients are getting sudden loss of FTP connectivity.
We run a FTP server behind a PIX with 6.2(2).
Looking through the PIX log I am seeing lots of Resets and wondering if
Someone could explain or give some hint of the cause of these reset entries.
Here is an extract of the PIX log:
302014: Teardown TCP connection 74555 for outside:217.169.34.118/2205 to inside:217.169.46.20/3389 duration 0:01:24 byte
s 21375 TCP Reset-I
302014: Teardown TCP connection 74721 for outside:217.169.34.118/4385 to inside:217.169.46.20/20 duration 0:00:01 bytes
302014: Teardown TCP connection 74961 for outside:193.130.58.161/34218 to inside:217.169.46.22/443 duration 0:03:49 byte
s 129208 TCP Reset-O
302014: Teardown TCP connection 74987 for outside:217.169.34.118/4518 to inside:217.169.46.20/21 duration 0:10:09 bytes
664 TCP Reset-I
302014: Teardown TCP connection 75550 for outside:195.167.165.130/3835 to inside:217.169.46.20/20 duration 0:00:01 bytes
2760 TCP Reset-I
02014: Teardown TCP connection 75826 for outside:195.167.165.130/1465 to inside:217.169.46.20/20 duration 0:00:01 bytes
2760 TCP Reset-I
Regards,
Zahid
09-25-2003 07:58 AM
Hi Zahid,
Please check this URL:
The clue here is TCP Reset-I
Thanks - Jay.
09-25-2003 02:51 PM
Jay,
Thanks for your response.
I am still having problem to understand the reasons for TCP Resets both from inside and outside. Is it something thats being caused by the FTP server or the client ? Or is it the PIX wich in causing the resets ?
Any further help would be greatly appreciated.
Zahid
09-25-2003 07:19 PM
The PIX is not going to RST any connections (unless blocked by an ACL and service resetinbound is config'ed). The syslog messages you picked out are simply telling you that the PIX tore the connections down based on seeing a RST packet from either the server (RST-I) or from the client (RST-O). You would probbaly need to sniff the traffic to get a better idea of what is going on. Hope this helps clarify a bit.
Scott
09-25-2003 11:51 PM
Zahid -
Can you try what Scott suggested (use a packet sniffer) to verify were the problems is, the PIX is not re-setting the connection. There's a free/very good sniffer from here: www.ethereal.com
Hope this helps - Thanks, Jay.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide