Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Access to web server from outside

I'm trying to establish a connection to my internal web server on port 443 from the outside interface. The log shows the following info: "Built inbound tcp connection 73 for faddr x.x.x.x/1931 gaddr y.y.y.y/443 laddr/443". About 2:30 seconds after the connection is established a tear down message appears. No web page is ever displayed in my browser. Any ideas on what I misconfigured?

3 REPLIES
Cisco Employee

Re: Access to web server from outside

The teardown message should indicate why the connection was torn down. I would use that as a starting point.

Also, you can check the connection flags for the connection after it is built "show conn". The flags are at the very end of the connection. You should see "UIO" - meaning the connection is Up, and receiving Inbound data and Outbound data.

You may see sAa - indicating the SYN went through, but not the Syn+Ack. In this case, I would check for asymetrical routing.

Hope that helps.

David.

New Member

Re: Access to web server from outside

Hey David, I actually see a SaAB at the end of the connection. Does this point to asymetrical routing problems as well?

Mike

Cisco Employee

Re: Access to web server from outside

Hi Mike,

Yes, it indicates that the PIX received a SYN packet on the outside interface, but never received a SYN+AKC back on the inside interface (the B means the connection was initiated from the outside). Asymetric routing is usually the cause. Other possibilities are that the server just isn't responding.

Hope that helps,

David.

113
Views
0
Helpful
3
Replies
CreatePlease login to create content