Disabling connection checking for specific network on 515E
I'm looking for a way to stop getting the %PIX-6-106015: Deny TCP (no connection) from IP_addr/port to IP_addr/port flags flags on interface int_name. syslog messages.
My users are running a client-server program that initiates a session with the Pix from the client and the program works fine. My users are complaining about the program "kicking them out" and having to start a new session of the program. I believe what's happening is that the connection in the Pix is dropped when the program goes into "sleep mode" -- ie. it minimizes itself and locks until the user who's logged in enters their password (it's a security feature). They can open new sessions, but unlocking the sleeping session just doesn't work.
I have ACLs that allow traffic from the remote site and my internal network (servers) for both my inside interface and the interface they're located on (RemoteConnections). Even if a connection's "dropped", traffic between the servers and their network is completely "open" -- on both interfaces involved.
Is there a way to disable connection (or session) checking for a particular host/network? The description for this problem describes this as occuring when there's no existing TCP connection specified by the SYN flag (and there's no connection in the Pix).
Any help/suggestions would be greatly appreciated!
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :