An SSH connection between a NAT'ed client on the DMZ interface and a server on the outside interface gets reset after a few seconds. An SSH connection between a client on the DMZ interface and a server on the inside interface works perfectly. The client is NAT'ed by a guest appliance connected to the DMZ interface. The DMZ interface uses identity NAT (nat zero). All other services between client and the outside interface work perfectly.
A packet capture at the DMZ interface shows that after a Selective ACK is sent from server to client, the NAT gateway sends a RESET which kills the connection. A capture at the SSH client shows that it is not sending the RESET.
Even though NAT zero is in use on the firewall, the TCP sequence numbers are still being randomized. Could this be the cause of the problem? Any help greatly appreciated.
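One way to test the hypothesis in the question against the DMZ capture, as an added example that is not part of the original post: it flags SACK blocks whose edges lie outside the sequence range the peer has actually sent at that capture point. It assumes the failure mode is a device that rewrites the sequence and acknowledgment fields but leaves the SACK option edges untouched; the segment dict fields (`dir`, `seq`, `len`, `opts`), `DELTA` and the sample segments are constructed for illustration.

```python
import struct

def sack_blocks(options: bytes):
    """Extract (left, right) edges of SACK blocks (TCP option kind 5, RFC 2018)."""
    blocks, i = [], 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # NOP is a single byte
            i += 1
            continue
        length = options[i + 1] if i + 1 < len(options) else 0
        if length < 2 or i + length > len(options):
            break                          # truncated or malformed option: stop
        if kind == 5 and (length - 2) % 8 == 0:
            for off in range(i + 2, i + length, 8):
                blocks.append(struct.unpack("!II", options[off:off + 8]))
        i += length
    return blocks

def in_window(value, low, high):
    """True if value is in [low, high] modulo 2**32 (sequence numbers wrap)."""
    return ((value - low) & 0xFFFFFFFF) <= ((high - low) & 0xFFFFFFFF)

def stale_sacks(segments):
    """Return (index, left, right) for SACK blocks outside what the peer has sent."""
    sent, bad = {}, []                     # sent: direction -> (lowest, highest) seq
    for n, s in enumerate(segments):
        peer = "c2s" if s["dir"] == "s2c" else "s2c"
        if peer in sent:
            low, high = sent[peer]
            for left, right in sack_blocks(s["opts"]):
                if not (in_window(left, low, high) and in_window(right, low, high)):
                    bad.append((n, left, right))
        low, high = sent.get(s["dir"], (s["seq"], s["seq"]))
        end = (s["seq"] + s["len"]) & 0xFFFFFFFF
        sent[s["dir"]] = (low, high if in_window(end, low, high) else end)
    return bad

def ack(left, right):                      # server ACK with NOP, NOP, one SACK block
    opts = b"\x01\x01\x05\x0a" + struct.pack("!II", left, right)
    return {"dir": "s2c", "seq": 9000, "len": 0, "opts": opts}

DELTA = 0x5EED0000                         # constructed randomization offset
CLIENT = [{"dir": "c2s", "seq": 1000 + 100 * k, "len": 100, "opts": b""} for k in range(3)]
CONSISTENT = CLIENT + [ack(1200, 1300)]                    # SACK edges match client view
UNTRANSLATED = CLIENT + [ack(1200 + DELTA, 1300 + DELTA)]  # SACK edges left in server view
```

A non-empty result from `stale_sacks` on the DMZ-side capture means the SACK edges do not match the client's sequence space, which a strict downstream stateful device can treat as an invalid segment.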