TCP RESET-i

jsegura · ‎05-10-2004

Hi.

I have a PIX 525 and sometimes our outside customers can´t connect with a internal server

In the log I see the following:

%PIX-6-302013: Built inbound TCP connection 118247 for outside:172.16.9.167/1992 (172.16.9.167/1992) to dmz:10.9.82.5/3389 (172.16.8.40/3389)

%PIX-6-302014: Teardown TCP connection 118247 for outside:172.16.9.167/1992 to dmz:10.9.82.5/3389 duration 0:00:01 bytes 11 TCP Reset-I

It looks like the internal server is sending a tcp reset after one second conection, but I don´t know why?

I checked the internal server configuration, and the amount of conections to the server, but everything is OK.

Any suggests?

ehirsel · ‎05-11-2004

If you are running pix 6.2 or higher, run a two sets of capture commands, one on the inside interface and one on the outside interface. Have a customer that is having trouble connecting to try again while running the traces. Then save them, and re-run them again, but this time, have a customer that is working try to connect.

Then compare the good and bad traces to see what is different.

According to the pix 6.2 and 6.3 doc the tcp reset-i is orginating from the terminal server (port 3389). I wonder if the reset occurs because it is expecting a frame from the user within one second of est. the connection. The good vs. bad compare will verify this.

Let me know what you find.