You said "Sniffer shows multiple SYN sent packets, but no succesful session setups", Do you sniffer in PIX inside interface or outside interface? If inside, can you try outside now? if outside, what source ip the SYN is using? it should use the nated IP(pix's outside interface IP), if not, that means your NAT configuration in PIX is wrong, maybe you only setup nat for vlan10, but forget to setup nat for vlan172.
The sniffer shows a proper external NAT IP for both ICMP and HTTP sessions.
The only difference I see in the return packets is the "No-defrag" bit is set (on) for the http requests. Although this is normal, it made me think to look for an MTU issue where the packet would be dropped.
It seems impossible. If you can see the the proper external NAT Ip for both icmp and http sessions in PIX's outside interface, you should be able to see the return packets for both sessions. Did you get syn/ack packet back from internet site?
If you think about MTU issue, could you try ping big packets? If it works, MTU should not be a problem.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.