I have the following scenario:
Host1-Firewall1-VPNRouter1-(IPSEC TUNNEL)-VPNRouter2-Firewall2-Host2
Firewall1 is a non IOS non PIX
VPNRouter1 is IOS
VPNRouter2 is IOS
Firewall2 is PIX
Firewall1 is NAT'ing 1-1 the address of Host1.
VPNRouter1 is NAt'ing both Host1 and Host2 because both networks are overlapping.
Firewall2 is not performing NAT and has a rule permitting traffic from Host1 to Host2.
When Host1 tries to open an FTP session to Host2 (its NAT'ed address) the tunnels creates and the Firewall2 allos the connection. But the FTP does not opens. The only message I see is the following:
302001: Built inbound TCP connection 103 for faddr 10.96.111.65/5840 gaddr 10.96
.108.65/21 laddr 10.96.108.65/21
302002: Teardown TCP connection 103 faddr 10.96.111.65/5840 gaddr 10.96.108.65/2
1 laddr 10.96.108.65/21 duration 0:00:00 bytes 0 (TCP Reset-O)
What is wierd is that if I try any connection that is succesfull I get the same message but instead of a (TCP Reset-O) I get a (TCP FINs) message.
If someone has seen this message before. I would really appreciate it. I'm thinking that probablt the doble NAT in both Firewall1 and VPNRouter1 may have something to do with the problem. BTW I did a no fixup protocol ftp 21, just in case but it doesn't work.
Thanks
Gabriel