Connections through firewall getting dropped - help
An SSH connection between a NAT'ed client on the DMZ interface and a server on the outside interface gets reset after a few seconds. An SSH connection between a client on the DMZ interface and a server on the inside interface works perfectly. The client is NAT'ed by a guest appliance connected to the DMZ interface. The DMZ interface uses identity NAT (nat zero). All other services between client and the outside interface work perfectly.
A packet capture at the DMZ interface shows that after a Selective ACK is sent from server to client, the NAT gateway sends a RESET which kills the connection. A capture at the SSH client shows that it is not sending the RESET.
Even though NAT zero is in use on the firewall the TCP sequence numbers are still being randomized. Could this be the cause of the problem? Any help greatly appreciated.
Re: Connections through firewall getting dropped - help
The problem was only observed with the PuTTY SSH client. The SSH.com client worked perfectly. Even though I was using NAT 0 on the DMZ interface for traffic originating from the NAT gateway, the PIX still randomises TCP sequence numbers.
Using NAT 0 plus norandomseq has caused fewer TCP RESETs to be issued by the NAT gateway when clients are using PuTTY SSH.
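The following is an added example, not code from this thread or from Cisco. It models the mechanism that usually sits behind the symptom described above: once a firewall randomises the client's initial sequence number, every field that carries client sequence space (the server's ACK and, critically, each SACK block) has to be shifted back on the return path. A box that fixes up the ACK but leaves the SACK option untouched delivers blocks that fall outside the client's send window, which is the kind of garbage that makes a strict endpoint or NAT gateway tear the connection down. Whether that is exactly what this PIX release was doing is an assumption; the thread only establishes that norandomseq reduced the resets. The sample exchange and capture are constructed.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap


def seq_lt(a: int, b: int) -> bool:
    """a < b in modular 32-bit sequence space."""
    return ((a - b) % MOD) > (1 << 31)


def seq_le(a: int, b: int) -> bool:
    return a == b or seq_lt(a, b)


@dataclass
class Segment:
    src: str
    dst: str
    seq: int
    ack: int
    flags: str                                   # "S", "SA", "A", "R", ...
    sack: List[Tuple[int, int]] = field(default_factory=list)


class SeqRandomizer:
    """Per-connection firewall state (assumed model): client seq += delta on
    the way out, so the ACK and every SACK block (both client sequence
    space) must be shifted back by delta on the way in.  fix_sack=False
    models a box that rewrites the ACK but forgets the SACK option."""

    def __init__(self, delta: int, fix_sack: bool = True):
        self.delta = delta % MOD
        self.fix_sack = fix_sack

    def to_server(self, seg: Segment) -> Segment:
        return Segment(seg.src, seg.dst, (seg.seq + self.delta) % MOD,
                       seg.ack, seg.flags, list(seg.sack))

    def to_client(self, seg: Segment) -> Segment:
        sack = seg.sack
        if self.fix_sack:
            sack = [((l - self.delta) % MOD, (r - self.delta) % MOD)
                    for l, r in seg.sack]
        return Segment(seg.src, seg.dst, seg.seq,
                       (seg.ack - self.delta) % MOD, seg.flags, list(sack))


def sack_blocks_valid(snd_una: int, snd_nxt: int,
                      sack: List[Tuple[int, int]]) -> bool:
    """Every SACK block must lie within the sender's outstanding data
    [snd_una, snd_nxt); a block outside that range is meaningless."""
    for left, right in sack:
        if not (seq_le(snd_una, left) and seq_lt(left, right)
                and seq_le(right, snd_nxt)):
            return False
    return True


def simulate(fix_sack: bool, delta: int = 0x5EED1234) -> bool:
    """Constructed exchange: client sends 3000 bytes from ISN 1000 in three
    segments, the middle one is lost, the server SACKs the third.  Returns
    whether the SACK the client finally sees fits its send window."""
    fw = SeqRandomizer(delta, fix_sack)
    client_isn, server_isn = 1000, 777000
    segs = [Segment("client", "server", client_isn + off, server_isn, "A")
            for off in (0, 1000, 2000)]
    at_server = [fw.to_server(s) for s in segs]
    del at_server[1]                  # middle segment lost in transit
    # Server acks up to the gap and SACKs the isolated third block,
    # both expressed in the randomised sequence space it actually saw.
    ack = (at_server[0].seq + 1000) % MOD
    block = (at_server[1].seq, (at_server[1].seq + 1000) % MOD)
    reply = Segment("server", "client", server_isn, ack, "A", [block])
    seen = fw.to_client(reply)
    return sack_blocks_valid(seen.ack, client_isn + 3000, seen.sack)


def resets_after_sack(capture: List[Segment]) -> List[int]:
    """Over a single-flow capture, return indices of RST segments whose
    immediately preceding segment (from the other side) carried SACK:
    the pattern the poster saw on the DMZ interface capture."""
    hits = []
    for i in range(1, len(capture)):
        prev, cur = capture[i - 1], capture[i]
        if "R" in cur.flags and prev.sack and prev.src == cur.dst:
            hits.append(i)
    return hits
```

Run simulate(True) and simulate(False) to see the difference: with the SACK option rewritten the block lands inside the client's window; without it the block is offset by the randomisation delta and fails validation. resets_after_sack is the quick triage you would run over a decoded capture before deciding whether norandomseq (or a static with norandomseq) is the right workaround for the flow in question.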
We have configured the outside and inside interface with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...