Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX running 7.2(2) not allowing access to one website...

We're running 7.2(2) on a PIX 525. We can't seem to access one website. No deny messages show up in the syslog, just a TCP reset message.

2007-05-16 13:40:05 Local4.Info inet-pix May 16 2007 13:40:05: %PIX-6-302014: Teardown TCP connection 673938 for outside:207.46.248.109/80 to inside:10.x.x.x/3777 duration 0:01:01 bytes 1274 TCP Reset-I

I found one article on CISCO's website that referenced an issue with large MSS, but that doesn't seem to be the problem. Any ideas?

4 REPLIES
New Member

Re: PIX running 7.2(2) not allowing access to one website...

Please post your config.

Btw, You didnt have to hide "inside:10.x.x.x/3777" as it wont be reachable from the outside anyway. ;o)

New Member

Re: PIX running 7.2(2) not allowing access to one website...

I know I didn't, but I just felt better doing it. I've attached the config.

Bronze

Re: PIX running 7.2(2) not allowing access to one website...

hello

as what i know and seen, TCP Reset-1 message appears when the remote host rejects or send a malformed packet reply

also did you try connecting from outside to this site at the same time when you had the problem, this might give you a clue.

HTH, please rate it

New Member

Re: PIX running 7.2(2) not allowing access to one website...

I've tried it from outside and don't see the TCP-Reset. But the only hosts that seem to be able to access the site are the ones I've got setup with a static translation. Can a single IP address be used as a static translation for multiple IPs?

152
Views
2
Helpful
4
Replies