Cisco Support Community

rmg
New Member

Deny TCP ( no connection)

I have an ACL that allows inbound traffic for TCP port 1026. My syslog server says that the firewall is denying access in.

Deny TCP (no connection) from x.x.x.x/1308 to x.x.x.x/1026 flags PSH ACK on interface outside

This was working fine. Any ideas?

3 REPLIES
New Member

Re: Deny TCP ( no connection)

The "no connection" usually means that there was a TCP teardown on the NAT session prior to that error. Is there a teardown in your logs?

rmg
New Member

Re: Deny TCP ( no connection)

No, there isn't. This was working for about 4 months and now has stopped.

I've opened all incoming tcp, udp and ip from this host and I still get this error.

Could the remote site have something to do with this?

Silver

Re: Deny TCP ( no connection)

I think the reason that the incoming packet was denied is that, most likely, the packet was part of an established connection and it just arrived out of order or excessively delayed.

Remember that the PIX allows only packets pertaining to an entry in its state table, even with a "permit ip" access list.

Hope that helped ...

Mustafa
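
One way to check the two explanations given in the replies against a syslog export (an added example, not code from any of the posters): for each "Deny TCP (no connection)" line, report whether a teardown for the same flow was logged earlier. The sample lines are constructed with documentation addresses, the Teardown line format is an assumption, and the matching assumes the addresses in both messages are not rewritten by NAT.

```python
import re

# Constructed sample syslog lines (documentation addresses). The Deny format is
# the one quoted in the thread; the Teardown format is an assumption.
SAMPLE_LOG = """\
Teardown TCP connection 4101 for outside:198.51.100.7/1308 to inside:192.0.2.10/1026 duration 0:02:11 bytes 5120 TCP FINs
Deny TCP (no connection) from 198.51.100.7/1308 to 192.0.2.10/1026 flags PSH ACK on interface outside
Deny TCP (no connection) from 198.51.100.7/1311 to 192.0.2.10/1026 flags PSH ACK on interface outside
Deny TCP (no connection) from 198.51.100.9/2200 to 192.0.2.10/1026 flags RST on interface outside
"""

DENY = re.compile(r"Deny TCP \(no connection\) from (\S+)/(\d+) to (\S+)/(\d+) flags (.+?) +on interface (\S+)")
TEARDOWN = re.compile(r"Teardown TCP connection \d+ for \S+?:(\S+)/(\d+) to \S+?:(\S+)/(\d+)")

def flow_key(a, ap, b, bp):
    """Direction-independent key for a TCP flow."""
    return frozenset([(a, int(ap)), (b, int(bp))])

def triage(log_text):
    """Return (src, dst, flags, verdict) for each 'no connection' deny, in log order."""
    torn_down = set()   # flows whose state entry was removed earlier in the log
    results = []
    for line in log_text.splitlines():
        m = TEARDOWN.search(line)
        if m:
            torn_down.add(flow_key(*m.groups()))
            continue
        m = DENY.search(line)
        if not m:
            continue
        sip, sport, dip, dport, flags, _iface = m.groups()
        if flow_key(sip, sport, dip, dport) in torn_down:
            verdict = "late packet after teardown"
        else:
            verdict = "no teardown seen: state entry missing"
        results.append((f"{sip}/{sport}", f"{dip}/{dport}", flags, verdict))
    return results

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(*row, sep="  ")
```

A deny with no earlier teardown in the export means the packet had no state entry for some other reason, so the ACL is not where to look; the connection's setup and the path between the two hosts are.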
