Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
224
Views
0
Helpful
1
Replies

Problem with connection establishment

dan_track
Level 1
Level 1

‎05-01-2008 06:28 AM - edited ‎03-11-2019 05:39 AM

Hi

I'm getting the following message appear in my syslog from our pix 515E firewall running OS version 6.2

106015: Deny TCP (no connection) from 10.12.8.20/2710 to 10.23.9.20/13720 flags ACK on interface dmz1

Could someone please help me with this, and why it would be denying the traffic. My access-list has now been simplified to "permit ip any any", and I'm not running nat as shown below:

nat (data) 0 10.10.8.0 255.255.248.0 0 0

nat (dmz1) 0 10.12.8.0 255.255.248.0 0 0

static (data,green) N_live N_live netmask 255.255.255.255 0 0

static (data,green) 10.10.8.20 10.10.8.20 netmask 255.255.255.255 0 0

static (dmz1,green) V_DMZ1 V_DMZ1 netmask 255.255.255.255 0 0

Any thoughts?

Thanks in advance

Dan

Labels:
0 Helpful
1 Reply 1

tstanik
Level 5
Level 5

‎05-07-2008 06:22 AM

For that Change the NAT(dmz) 0 to NAT (dmz) and also

allow icmp to pass through.

For the further configuration refer the below URL :

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card