I'm facing kind of weird behaviour on a Cisco PIX 515E firewall that I don't understand. I hope someone can explain this:
I have a server on the inside interface of the firewall. I have set an access list on the outside interface to define rules for the incoming traffic towards the server.
The access-list allows certain ports from certain destinations, and at the end I placed a deny any rule.
Now the issue is that when I do a telnet <server_IP> <any port> from outside from any source IP address it looks as if I receive a reply from the server, although I am telnetting from a denied source IP address or to a denied destination port number.
I set a capture on the inside and outside interfaces of the firewall:
When I telnet from the external client c.c.c.c towards the internal server s.s.s.s on port 98652 (or any other port number), I get the following capture output:
Please note that this traffic should be blocked by the ACL on the outside interface.
I think posting the output of the "show access-list" command is going to be somewhat hard as it includes around 700 lines. But please let me know if some more specific information may be useful for you or if you are suspecting a particular issue.
Well yes, of course. I telnet the public IP address of the server, which in turn is statically NATed on the firewall, and this works fine. I really can't post the whole configuration as it includes a huge number of access-list lines (which also include private information). But in case you need specific config information, please let me know.
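The manual test in this thread (telnet from outside to the server's public IP on various ports and see whether "something" answers) is easy to turn into a repeatable check. The script below is an added example and is not code from the original thread or from Cisco: it attempts a TCP handshake to each port in a hypothetical policy table, classifies the outcome as open (SYN/ACK), closed (RST) or filtered (no answer within the timeout), and reports every port the ACL is supposed to deny that nevertheless got an answer. The host, port numbers and policy dictionary are assumptions for illustration; `demo_local()` runs the same logic against a loopback listener so the example works offline.

```python
import socket
from contextlib import closing


def probe_tcp(host, port, timeout=3.0):
    """Attempt a TCP handshake to host:port and classify what came back.

    open     - the handshake completed, i.e. a SYN/ACK was received
    closed   - a RST was received: the packet reached a host that has no listener
    filtered - nothing came back before the timeout: the usual sign of a drop rule
    """
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except socket.timeout:
            return "filtered"
        except ConnectionRefusedError:
            return "closed"
        except OSError as e:  # unreachable networks, ICMP admin-prohibited, etc.
            return "error:%s" % e.errno


def check_policy(host, policy, timeout=3.0):
    """Compare observed behaviour with the intended ACL.

    policy maps port -> 'permit' or 'deny' (assumed, hand-written from the ACL).
    A 'deny' port must come back 'filtered'; any other answer means the probe was
    not silently dropped by the firewall, which is exactly the symptom to chase.
    Returns a list of (port, expected, observed) anomalies.
    """
    anomalies = []
    for port, expected in sorted(policy.items()):
        observed = probe_tcp(host, port, timeout)
        if expected == "deny" and observed != "filtered":
            anomalies.append((port, expected, observed))
    return anomalies


def demo_local():
    """Offline self-check against a constructed loopback listener."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as srv:
        srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
        srv.listen(1)
        port = srv.getsockname()[1]
        while_open = probe_tcp("127.0.0.1", port, 1.0)
        # Declare the port 'deny' in the policy: a completed handshake must be flagged.
        anomalies = check_policy("127.0.0.1", {port: "deny"}, 1.0)
    after_close = probe_tcp("127.0.0.1", port, 1.0)  # listener gone: expect RST
    return {"port": port, "while_open": while_open,
            "after_close": after_close, "anomalies": anomalies}


if __name__ == "__main__":
    # Example run against the (assumed) public address of the NATed server;
    # replace the address and the policy with the real ACL before use.
    policy = {22: "permit", 443: "permit", 23: "deny", 3389: "deny"}
    for item in check_policy("192.0.2.10", policy):
        print("ACL not enforced as expected: port %d expected %s, observed %s" % item)
```

Run it from the same outside client and source address used for the telnet test, since the ACL is evaluated per source. A port that comes back "open" or "closed" when the ACL says deny is the same observation the capture shows, just tabulated; it does not tell you who answered. Only the capture on the inside interface settles whether the SYN actually reached the server, which is why comparing both captures, as the original post does, is the right next step.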