Cisco Support Community

New Member

Cisco PIX 515E Version 7.2 TCP Reset-O

I have a small issue with my Cisco PIX 515E running an IPsec tunnel from the Cisco PIX to a Check Point firewall. The only traffic that is passing through this tunnel is SSL traffic for our Outlook email clients connecting to an Exchange server through RPC over HTTPS. But what I am noticing is that I am receiving TCP Reset-O in my logs about every 26 to 28 minutes, and I believe that creates a domino effect because then I start seeing TCP Reset-I from client connections; but I believe the TCP Reset-O starts the effect. I know that TCP Reset-O means that the connection is being reset from the outside server, but I was wondering if creating a policy-map on the Cisco PIX extending the timeout-session for all SSL traffic going through the IPsec tunnel to last 6hrs or more, because I am also noticing that the Outlook email clients establish 12 SSL connections per user going to the Exchange server over the IPsec tunnel, so I want the timeout value to be for a while. I think the issue is on the Check Point killing the connection after a certain time period, but if it's not, I was wondering if anyone had any suggestions how to resolve TCP connection issues timing out?

Cisco Employee

Re: Cisco PIX 515E Version 7.2 TCP Reset-O

Hi Alfred...

The PIX is reporting exactly what it sees, which is a request to terminate the TCP session. The PIX will tear down the session immediately since one of the endpoints no longer wishes to communicate on the flow. You would be unable to extend the timeout when the reset is sent. It would be best to understand why the reset is sent in the first place by the end host rather than trying to extend timers.
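
As an added example (not part of the original thread or either poster's code), one way to start investigating why the resets are sent is to profile the lifetime of every connection the PIX logged as torn down with `TCP Reset-O`. The sketch assumes the standard `%PIX-6-302014` teardown syslog format and an interface named `outside`; the log lines, addresses, the 120-second band and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed sample lines in the 302014 teardown format (documentation address ranges).
SAMPLE_LOG = """\
%PIX-6-302014: Teardown TCP connection 1001 for outside:203.0.113.10/443 to inside:192.0.2.21/51001 duration 0:26:41 bytes 48213 TCP Reset-O
%PIX-6-302014: Teardown TCP connection 1002 for outside:203.0.113.10/443 to inside:192.0.2.21/51002 duration 0:27:12 bytes 51877 TCP Reset-O
%PIX-6-302014: Teardown TCP connection 1003 for outside:203.0.113.10/443 to inside:192.0.2.22/51440 duration 0:27:55 bytes 9120 TCP Reset-O
%PIX-6-302014: Teardown TCP connection 1004 for outside:203.0.113.10/443 to inside:192.0.2.21/51003 duration 0:00:03 bytes 412 TCP Reset-I
%PIX-6-302014: Teardown TCP connection 1005 for outside:203.0.113.10/443 to inside:192.0.2.23/50212 duration 0:04:10 bytes 20331 TCP FINs
"""

TEARDOWN = re.compile(
    r"%PIX-6-302014: Teardown TCP connection (?P<id>\d+) "
    r"for (?P<if1>[^:\s]+):(?P<ip1>[\d.]+)/(?P<port1>\d+) "
    r"to (?P<if2>[^:\s]+):(?P<ip2>[\d.]+)/(?P<port2>\d+) "
    r"duration (?P<h>\d+):(?P<m>\d\d):(?P<s>\d\d) bytes (?P<bytes>\d+)"
    r"(?: (?P<reason>.+))?$"
)

def parse(log, outside_if="outside"):
    """Yield one record per teardown line; 'server' is the endpoint on outside_if."""
    for line in log.splitlines():
        m = TEARDOWN.search(line.strip())
        if not m:
            continue
        ends = {m["if1"]: f'{m["ip1"]}:{m["port1"]}', m["if2"]: f'{m["ip2"]}:{m["port2"]}'}
        secs = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
        yield {"server": ends.get(outside_if), "duration": secs, "reason": m["reason"] or ""}

def reset_o_profile(log, band=120):
    """Per outside server: Reset-O count, median lifetime in seconds, and whether
    every Reset-O lifetime lies within `band` seconds of that median."""
    by_server = defaultdict(list)
    for rec in parse(log):
        if rec["reason"] == "TCP Reset-O" and rec["server"]:
            by_server[rec["server"]].append(rec["duration"])
    profile = {}
    for server, durs in by_server.items():
        med = median(durs)
        tight = all(abs(d - med) <= band for d in durs)
        profile[server] = {"count": len(durs), "median_s": med, "clustered": tight}
    return profile

if __name__ == "__main__":
    for server, stats in reset_o_profile(SAMPLE_LOG).items():
        print(server, stats)
```

Lifetimes that cluster tightly around one value are a heuristic hint that a fixed timer on the remote side is closing the flows, which narrows where to look next; scattered lifetimes point elsewhere.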