TCP RESET-i

Unanswered Question
May 10th, 2004

Hi.

I have a PIX 525 and sometimes our outside customers can't connect with an internal server.

In the log I see the following:

%PIX-6-302013: Built inbound TCP connection 118247 for outside:172.16.9.167/1992 (172.16.9.167/1992) to dmz:10.9.82.5/3389 (172.16.8.40/3389)

%PIX-6-302014: Teardown TCP connection 118247 for outside:172.16.9.167/1992 to dmz:10.9.82.5/3389 duration 0:00:01 bytes 11 TCP Reset-I

It looks like the internal server is sending a TCP reset after a one-second connection, but I don't know why.

I checked the internal server configuration, and the amount of connections to the server, but everything is OK.

Any suggestions?

ehirsel Tue, 05/11/2004 - 08:36

If you are running PIX 6.2 or higher, run two sets of capture commands, one on the inside interface and one on the outside interface. Have a customer that is having trouble connecting try again while running the traces. Then save them, and re-run them again, but this time, have a customer that is working try to connect.

Then compare the good and bad traces to see what is different.

According to the PIX 6.2 and 6.3 doc, the TCP Reset-I is originating from the terminal server (port 3389). I wonder if the reset occurs because it is expecting a frame from the user within one second of est. the connection. The good vs. bad compare will verify this.

Let me know what you find.
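Before collecting captures, the syslog itself can show which customers are affected. The following is an added example, not part of the original posts: it pairs the 302013/302014 messages quoted in the question by connection id and lists connections torn down with TCP Reset-I shortly after being built. Connection 118300 and the 5-second threshold are constructed for illustration.

```python
import re
from datetime import timedelta

# Constructed sample: the two messages quoted in the question, plus one
# constructed connection (118300) that stays up and closes normally.
SAMPLE_LOG = """\
%PIX-6-302013: Built inbound TCP connection 118247 for outside:172.16.9.167/1992 (172.16.9.167/1992) to dmz:10.9.82.5/3389 (172.16.8.40/3389)
%PIX-6-302014: Teardown TCP connection 118247 for outside:172.16.9.167/1992 to dmz:10.9.82.5/3389 duration 0:00:01 bytes 11 TCP Reset-I
%PIX-6-302013: Built inbound TCP connection 118300 for outside:172.16.9.200/2044 (172.16.9.200/2044) to dmz:10.9.82.5/3389 (172.16.8.40/3389)
%PIX-6-302014: Teardown TCP connection 118300 for outside:172.16.9.200/2044 to dmz:10.9.82.5/3389 duration 0:12:40 bytes 482113 TCP FINs
"""

BUILT = re.compile(r"%PIX-6-302013: Built (\w+) TCP connection (\d+) for "
                   r"(\S+?):(\S+?)/(\d+) \(\S+\) to (\S+?):(\S+?)/(\d+)")
TEARDOWN = re.compile(r"%PIX-6-302014: Teardown TCP connection (\d+) for .*? "
                      r"duration (\d+):(\d\d):(\d\d) bytes (\d+)\s*(.*)$")

def parse_connections(text):
    """Pair each 302013 Built message with its 302014 Teardown by connection id."""
    conns = {}
    for line in text.splitlines():
        m = BUILT.search(line)
        if m:
            conns[m.group(2)] = {"client": m.group(4), "server": m.group(7),
                                 "port": int(m.group(8))}
            continue
        m = TEARDOWN.search(line)
        if m and m.group(1) in conns:
            h, mi, s = (int(m.group(i)) for i in (2, 3, 4))
            conns[m.group(1)].update(
                duration=timedelta(hours=h, minutes=mi, seconds=s),
                bytes=int(m.group(5)), reason=m.group(6).strip())
    return conns

def early_resets(conns, max_seconds=5):
    """Ids of connections torn down with Reset-I within max_seconds (assumed threshold)."""
    return sorted(cid for cid, c in conns.items()
                  if c.get("reason") == "TCP Reset-I"
                  and c["duration"].total_seconds() <= max_seconds)

if __name__ == "__main__":
    conns = parse_connections(SAMPLE_LOG)
    for cid in early_resets(conns):
        c = conns[cid]
        print(cid, c["client"], "->", f'{c["server"]}:{c["port"]}', c["bytes"], "bytes")
```

The client addresses it reports are the ones worth filtering on when setting up the good and bad captures.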

Posted May 10, 2004 at 1:48 PM