Hi, that's the Problem:

When I try to connect MSN it's not possible.

I saw that on the firewall:

---

305011: Built dynamic TCP translation from inside:inside-ip/1166 to outside:outside-ip/55586

302013: Built outbound TCP connection 75493 for outside:65.54.239.20/1863 (65.54.239.20/1863) to inside:inside-ip/1166 (outside-ip/55586)

305011: Built dynamic TCP translation from inside:inside-ip/1167 to outside:outside-ip/55587

302013: Built outbound TCP connection 75494 for outside:207.46.0.22/1863 (207.46.0.22/1863) to inside:inside-ip/1167 (outside-ip/55587)

302014: Teardown TCP connection 75493 for outside:65.54.239.20/1863 to inside:inside-ip/1166 duration 0:00:01 bytes 302 TCP FINs

305011: Built dynamic TCP translation from inside:inside-ip/1169 to outside:outside-ip/55588

302013: Built outbound TCP connection 75495 for outside:65.54.183.198/443 (65.54.183.198/443) to inside:inside-ip/1169 (outside-ip/55588)

302014: Teardown TCP connection 75495 for outside:65.54.183.198/443 to inside:inside-ip/1169 duration 0:00:01 bytes 2445 TCP FINs

106023: Deny tcp src outside:65.54.183.198/443 dst inside:outside-ip/55588 by access-group "incoming"

305011: Built dynamic TCP translation from inside:inside-ip/1171 to outside:outside-ip/55589

302013: Built outbound TCP connection 75497 for outside:65.54.131.249/443 (65.54.131.249/443) to inside:inside-ip/1171 (outside-ip/55589)

302014: Teardown TCP connection 75497 for outside:65.54.131.249/443 to inside:inside-ip/1171 duration 0:00:01 bytes 3110 TCP FINs

106023: Deny tcp src outside:65.54.131.249/443 dst inside:outside-ip/55589 by access-group "incoming"

---

1) I can see dynamic TCP translation

2) outbound connection is built

3) --> teardown TCP connection (TCP FINs)

4) the internet-server tries to connect to the closed TCP-connection --> blocked by incoming ACL

it looks like that the TCP-session is cloosed too early...

Has someone an idea?

Regards

Dieter