IP TCP INTERCEPT

kjanakiraman
Level 1

I have a Cisco 3640 router running IOS 12.x. I wanted to make my router an application firewall to intercept all the connections for my web server, and I configured it like this:

ip tcp intercept list 103

access-list 103 permit tcp any host x.x.x.x1 (my web server IP address)

I did not configure any other intercept command and left everything to default.

Now when I try to browse the site x.x.x.x1 from outside, the page is not displayed. But in show tcp intercept statistics I can see an established session from the outside IP address of the system from which I am trying to browse x.x.x.x1. Now when I change the TCP intercept mode to watch mode:

ip tcp intercept mode watch

then my site is accessible from outside. I have a PIX firewall between my router and the web server.

I tried disabling ip cef, and gave

no ip route-cache

no ip mroute-cache on all the interfaces

and also tried with two web servers, one kept inside and the other kept outside the firewall, and both are not working.

When I type sh tcp intercept connections I can see the connections in the established mode, but the web server is not accessible from outside. Once I move it to watch mode my web servers work. MLS is disabled on the router.

One more thing: when I am in intercept mode I can see the established status, but the connection is not resetting or refreshing even after 8 hours. It was still showing the connection as established though I had disconnected the session long before.

Can someone advise me what mistake I am making and how to solve this problem?

Thanks in Advance


Hello,

Can you post the output you get from 'debug ip tcp intercept' while trying to access the web site?

Hi,

Thanks for your mail. Below is the debug output that I got:

icodenet#debug ip tcp intercept

TCP intercept debugging is on

icodenet#

1d11h: %IDS-4-ICMP_ECHO_SIG: Sig:2004:ICMP Echo Request - from 63.251.161.99 to 12.109.150.211

1d11h: %IDS-4-ICMP_UNREACH_SIG: 2001:ICMP Host Unreachable - from 12.125.6.185 to 65.199.28.4

1d11h: INTERCEPT: new connection (206.135.105.10:1445 SYN -> 12.109.150.150:80)

1d11h: INTERCEPT(*): (206.135.105.10:1445 <- ACK+SYN 12.109.150.150:80)

1d11h: INTERCEPT: 1st half of connection is established (206.135.105.10:1445 ACK -> 12.109.150.150:80)

1d11h: INTERCEPT(*): (206.135.105.10:1445 SYN -> 12.109.150.150:80)

1d11h: INTERCEPT: 2nd half of connection established (206.135.105.10:1445 <- ACK+SYN 12.109.150.150:80)

1d11h: INTERCEPT(*): (206.135.105.10:1445 ACK -> 12.109.150.150:80)

1d11h: INTERCEPT(*): (206.135.105.10:1445 <- WINDOW 12.109.150.150:80)

1d12h: %IDS-4-ICMP_UNREACH_SIG: 2001:ICMP Host Unreachable - from 12.125.6.185 to 65.199.28.4

1d12h: %IDS-4-ICMP_TIMXCEED_SIG: Sig:2005:ICMP Time Exceeded for a Datagram - from 144.232.19.70 to 65.199.28.2

1d12h: %IDS-4-ICMP_UNREACH_SIG: 2001:ICMP Host Unreachable - from 12.125.6.185 to 65.199.28.4

1d12h: %IDS-4-ICMP_ECHO_SIG: Sig:2004:ICMP Echo Request - from 208.184.39.130 to 12.109.150.2

1d12h: %IDS-4-ICMP_UNREACH_SIG: 2001:ICMP Host Unreachable - from 64.191.63.3 to 12.109.150.2

1d12h: %IDS-4-ICMP_TIMXCEED_SIG: Sig:2005:ICMP Time Exceeded for a Datagram - from 144.232.19.70 to 65.199.28.2

Thanks in Advance
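
An added example, not part of the original thread: a small Python parser that groups the INTERCEPT lines of the debug output above by flow and reports which flows never had their server-side (2nd) half established. It assumes the line format shown in the post and, as an assumption drawn from the sequence in that output, treats `INTERCEPT(*)` lines as segments generated by the router itself; the names `track` and `half_open` and the second sample flow are made up for illustration.

```python
import re

# One INTERCEPT line: optional "(*)" marker, optional status message, then
# "(client:port [<- ]FLAGS[ ->] server:port)".
LINE = re.compile(
    r"INTERCEPT(?P<star>\(\*\))?: (?P<msg>[^(]*)"
    r"\((?P<client>\S+) (?P<back><- )?(?P<flags>[A-Z+]+)(?: ->)? (?P<server>\S+)\)"
)
STAGES = ["new connection", "1st half", "2nd half"]

def track(log_text):
    """Return {(client, server): {"stage": str, "events": [str, ...]}}."""
    flows = {}
    for m in LINE.finditer(log_text):
        flow = flows.setdefault((m["client"], m["server"]),
                                {"stage": None, "events": []})
        for stage in STAGES:          # remember the latest reported stage
            if stage in m["msg"]:
                flow["stage"] = stage
        # Assumption: "(*)" marks a segment the router generated itself.
        who = "router" if m["star"] else "peer"
        arrow = "<-" if m["back"] else "->"
        flow["events"].append(f"{who} {arrow} {m['flags']}")
    return flows

def half_open(flows):
    """Flows whose 2nd (server-side) half was never reported established."""
    return sorted(k for k, f in flows.items() if f["stage"] != "2nd half")

# First seven lines: the flow from the post. Last two: a constructed flow
# (documentation address 192.0.2.7) that never completes its handshake.
SAMPLE = """\
1d11h: INTERCEPT: new connection (206.135.105.10:1445 SYN -> 12.109.150.150:80)
1d11h: INTERCEPT(*): (206.135.105.10:1445 <- ACK+SYN 12.109.150.150:80)
1d11h: INTERCEPT: 1st half of connection is established (206.135.105.10:1445 ACK -> 12.109.150.150:80)
1d11h: INTERCEPT(*): (206.135.105.10:1445 SYN -> 12.109.150.150:80)
1d11h: INTERCEPT: 2nd half of connection established (206.135.105.10:1445 <- ACK+SYN 12.109.150.150:80)
1d11h: INTERCEPT(*): (206.135.105.10:1445 ACK -> 12.109.150.150:80)
1d11h: INTERCEPT(*): (206.135.105.10:1445 <- WINDOW 12.109.150.150:80)
1d11h: INTERCEPT: new connection (192.0.2.7:4000 SYN -> 12.109.150.150:80)
1d11h: INTERCEPT(*): (192.0.2.7:4000 <- ACK+SYN 12.109.150.150:80)
"""

if __name__ == "__main__":
    for key, flow in track(SAMPLE).items():
        print(key, flow["stage"], flow["events"])
    print("half-open:", half_open(track(SAMPLE)))
```

Run against the post's lines, the flow from 206.135.105.10:1445 reaches the "2nd half" stage, so it is not listed as half-open; only the constructed flow is.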