Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

106001: Inbound TCP connection denied from 172.32.1.101/49171 to 192.168.0.6/3128 flags SYN on interface outside

can someone please take a look at this and assist me ..

          

106001: Inbound TCP connection denied from 172.32.1.101/49171 to 192.168.0.6/3128 flags SYN  on interface outside
305005: No translation group found for tcp src outside:172.32.1.101/49171 dst inside:192.168.0.6/3128

106001: Inbound TCP connection denied from 172.32.1.101/49171 to 192.168.0.6/3128 flags SYN  on interface outside
305005: No translation group found for tcp src outside:172.32.1.101/49171 dst inside:192.168.0.6/3128

config

PIX Version 6.3(1)

interface ethernet0 10baset

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

access-list 101 permit tcp any any eq https

access-list 101 permit tcp any any eq www

access-list 101 permit tcp any host 192.168.0.6

access-list 101 permit udp any host 10.32.0.5 eq domain

ip address outside 172.32.1.1 255.255.255.0

ip address inside 10.3.0.3 255.255.0.0

global (outside) 2 interface

global (inside) 1 10.3.3.3

nat (outside) 1 172.32.1.0 255.255.255.0 outside 0 0

static (inside,outside) 10.32.0.5 10.32.0.5 netmask 255.255.255.255 0 0

static (inside,outside) 192.168.0.6 192.168.0.6 netmask 255.255.255.255 0 0

route inside 0.0.0.0 0.0.0.0 10.3.0.1 1

route inside 10.32.0.5 255.255.255.255 10.3.0.1 1

route inside 192.168.0.6 255.255.255.255 10.3.0.1 1

route inside 216.45.178.0 255.255.255.255 10.3.0.4 1

5 REPLIES
Bronze

106001: Inbound TCP connection denied from 172.32.1.101/49171 to

Is there any particular reason why you have the following NAT rule:

nat (outside) 1 172.32.1.0 255.255.255.0 outside 0 0

If not, please remove that line. Also, make the access list 101 has a access group pointiong to the outside interface.

Regards,

Juan Lombana

Please rate helpful posts.

New Member

106001: Inbound TCP connection denied from 172.32.1.101/49171 to

Thank you so much for taking the time to look at this !

I removed the route and have a statement as recommended

Add the access-group : access-group 101 in interface outside

I still get the following errors

710005: UDP request discarded from 172.32.1.5/137 to outside:172.32.1.255/netbios-ns

106007: Deny inbound UDP from 172.32.1.105/63039 to 10.32.0.5/53 due to DNS Query

305005: No translation group found for tcp src outside:172.32.1.5/3474 dst inside:10.32.0.15/3128

Thanks

Bronze

106001: Inbound TCP connection denied from 172.32.1.101/49171 to

Hello,

Well, on the last log you sent it looks like the destination is 10.32.0.15, based on the description you only have the following statics:

static (inside,outside) 10.32.0.5 10.32.0.5 netmask 255.255.255.255 0 0

static (inside,outside) 192.168.0.6 192.168.0.6 netmask 255.255.255.255 0 0

You can either add one for 10.32.0.15 or one for the entire network.

Regards,

Juan Lombana

Please rate helpful posts.

New Member

106001: Inbound TCP connection denied from 172.32.1.101/49171 to

Thank you, any additional advise for the following:

710005: UDP request discarded from 172.32.1.5/137 to outside:172.32.1.255/netbios-ns

106007: Deny inbound UDP from 172.32.1.105/63039 to 10.32.0.5/53 due to DNS Query

Bronze

106001: Inbound TCP connection denied from 172.32.1.101/49171 to

DNS server was probably too  slow to respond, and the query was answered by another server but those packets are not blocked by the PIX.

331
Views
0
Helpful
5
Replies