Here is my question: according to Cisco, all attempted TCP connections that are denied by a ruleset will be dropped (there will be no reply to the initial SYN). I currently have a 515 running version 6.2 configured to deny 5190 traffic on the inside interface. Running a port scan on this port yields a TCP RST from the PIX (the PIX is of course emulating the distant end). This proves the documentation to be wrong. Further research led me to believe there may be a global statement I was missing to configure the PIX to drop packets, but I have found only this...
The service command:
I have cleared any and all service commands from the configuration (there were never any) and I am still getting the same results, and this is undesirable.