Cisco Support Community

FWSM: deny tcp/113 w/reset

If tcp/113 (auth/identd) is denied explicitly or implicitly by an access list, is a reset sent to the source by default? If not, how do you configure the FWSM so that it sends a reset in this case? This would be so that outbound email connections don't hang if the destination server sends an identd request and has to wait for it to time out before it processes the SMTP session.

Larry Owen


Re: FWSM: deny tcp/113 w/reset

Larry,

Not sure what version of FWSM code you're running, but 'service resetinbound' should still work.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094317.shtml

--Jason

Please rate this message if it helped!


Re: FWSM: deny tcp/113 w/reset

That's the ticket! Although, if I read the description right in the command reference, this will send resets for all denied TCP SYNs. You'd think there would be an argument so you could selectively send resets based on the TCP port being accessed. Anyway, thanks!

Larry Owen
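
To confirm which behaviour a remote mail server actually sees on tcp/113, a single connection attempt is enough to tell a reset (immediate refusal) from a silent drop (wait until timeout). The following is an added example, not part of the original thread; the function name `classify_tcp_port` and the address in the usage section are assumptions for illustration.

```python
import errno
import socket
import time


def classify_tcp_port(host, port=113, timeout=5.0):
    """Make one TCP connect attempt and report how the path answered.

    Returns (verdict, seconds_elapsed), where verdict is one of:
      'open'        - three-way handshake completed
      'reset'       - RST received; the caller fails fast (the effect
                      the thread wants for denied identd requests)
      'dropped'     - no answer before the timeout; an identd query
                      would hang here and delay the SMTP session
      'unreachable' - ICMP unreachable came back instead of a RST
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    start = time.monotonic()
    try:
        sock.connect((host, port))
        verdict = "open"
    except ConnectionRefusedError:
        verdict = "reset"
    except socket.timeout:
        verdict = "dropped"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            verdict = "unreachable"
        else:
            raise
    finally:
        sock.close()
    return verdict, time.monotonic() - start


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address used as a placeholder;
    # substitute an address behind the firewall that you administer.
    verdict, elapsed = classify_tcp_port("192.0.2.10", 113, timeout=5.0)
    print(f"tcp/113: {verdict} after {elapsed:.2f}s")
```

Run it from a host on the side where the identd request originates, before and after enabling `service resetinbound`, and compare the verdict and elapsed time.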
