Cisco Support Community
New Member

TCP Reset-I

Hi,

I have a host on the inside which is being accessed from the outside. I have a static NAT defined and have the access list configured to permit the out to in traffic.

This is not working, however, and I can see in my syslogs that I am getting TCP Reset-I recorded.

Is this a config mistake on my behalf?

Is this reset coming from the PIX?

Is this reset coming from the inside host?

Thanks, really scratching my head over this one.

3 REPLIES
Silver

Re: TCP Reset-I

This reset is coming from the inside host. The PIX is not sending this RESET. We need to look at the server on the inside for specific settings if something is misconfigured. The following link explains all the flags for the syslog message you are getting:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/syslog/logmsgs.htm#wp1280675

Regards,

Vibhor.

Silver

Re: TCP Reset-I

What is the default gateway on the inside server? Please make sure that it's sending the traffic to the inside interface of the firewall.

That's the first step.

If the d.g. is, let's say, the inside interface of the firewall, then we have an issue with the server settings.

Please check and let us know how it goes.

Regards,

Sushil

Silver

Re: TCP Reset-I

The default gw must be the PIX's inside interface. If the DG was not the PIX inside interface, the syslog would show up a teardown with flag "SYN Timeout"; the very fact that the connection is being torn down due to "Reset-I" indicates that the server is sending the responses back to the PIX. It's not an issue with the DG on the server.

Regards,

Vibhor.
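An added example, not part of the thread or of any Cisco tool: a small Python parser for teardown syslog lines that applies the replies' reasoning (Reset-I points at the inside server itself, SYN Timeout at its return path). The log lines, addresses and the `triage` helper are constructed for illustration, and the line layout assumes the 302014 teardown message format.

```python
import re
from collections import Counter

# Constructed sample lines (documentation/private addresses), not real logs.
SAMPLE_LOG = """\
%PIX-6-302013: Built inbound TCP connection 1101 for outside:198.51.100.7/51000 (198.51.100.7/51000) to inside:10.1.1.5/80 (203.0.113.5/80)
%PIX-6-302014: Teardown TCP connection 1101 for outside:198.51.100.7/51000 to inside:10.1.1.5/80 duration 0:00:00 bytes 0 TCP Reset-I
%PIX-6-302014: Teardown TCP connection 1102 for outside:198.51.100.7/51001 to inside:10.1.1.5/80 duration 0:00:00 bytes 0 TCP Reset-I
%PIX-6-302014: Teardown TCP connection 1103 for outside:198.51.100.9/40222 to inside:10.1.1.6/25 duration 0:00:30 bytes 0 SYN Timeout
%PIX-6-302014: Teardown TCP connection 1104 for outside:198.51.100.9/40223 to inside:10.1.1.7/443 duration 0:01:12 bytes 5120 TCP FINs
"""

# Assumed layout of a TCP teardown message; the reason is the trailing text.
TEARDOWN = re.compile(
    r"%(?:PIX|ASA)-6-302014: Teardown TCP connection (?P<id>\d+) "
    r"for (?P<src_if>[\w-]+):(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst_if>[\w-]+):(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"duration (?P<duration>[\d:]+) bytes (?P<bytes>\d+) (?P<reason>.+?)\s*$"
)

# Interpretation of the two reasons discussed in the replies above.
HINTS = {
    "TCP Reset-I": "RST sent by the inside host: check the service and settings on the server",
    "SYN Timeout": "no reply came back through the firewall: check the server's default gateway",
}

def parse_teardowns(text):
    """Return one dict per teardown line; every other message is skipped."""
    return [m.groupdict() for line in text.splitlines() if (m := TEARDOWN.search(line))]

def triage(text):
    """Map (server ip/port, teardown reason) -> (count, hint from the thread)."""
    counts = Counter()
    for t in parse_teardowns(text):
        # In the sample lines the "to" endpoint is the inside server.
        counts[(f"{t['dst']}/{t['dport']}", t["reason"])] += 1
    return {
        key: (n, HINTS.get(key[1], "not covered in this thread"))
        for key, n in counts.items()
    }

if __name__ == "__main__":
    for (server, reason), (n, hint) in sorted(triage(SAMPLE_LOG).items()):
        print(f"{server:15} {reason:12} x{n}  {hint}")
```

Repeated Reset-I teardowns with zero bytes against one server and port suggest the server is refusing the connection, which matches the first reply's advice to look at the server rather than the firewall configuration.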
