Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Pix 515 running OS7.04 connection problems

I am getting Denys with a no connection error listed. The error lines are (the IPs have been changed to protect the innocent):

Apr 04 2006 11:47:19 nybetbpc001-p01 : %PIX-6-106015: Deny TCP (no connection) from 110.x.x.36/9488 to 110.x.x.114/2381 flags SYN ACK on

interface outside

Apr 04 2006 11:47:22 nybetbpc001-p01 : %PIX-6-106015: Deny TCP (no connection) from 110.x.x.36/9488 to 110.x.x.114/2381 flags ACK on inte

rface outside

Apr 04 2006 11:47:22 nybetbpc001-p01 : %PIX-6-106015: Deny TCP (no connection) from 110.x1.x.36/9488 to 110.x.x.114/2381 flags SYN ACK on

interface outside

Apr 04 2006 11:47:28 nybetbpc001-p01 : %PIX-6-106015: Deny TCP (no connection) from 110.x.x.36/9488 to 110.x.x.114/2381 flags ACK on inte

rface outside

Apr 04 2006 11:47:28 nybetbpc001-p01 : %PIX-6-106015: Deny TCP (no connection) from 110.x.x.36/9488 to 110.x.x.114/2381 flags SYN ACK on

interface outside

I have added static statements and done all I can think of to clear this and allow the connects. I have opened up the acls to permit IP since this is an internal development device. Can anyone give me a line to follow?

Thanks,

Jerry

2 REPLIES
Silver

Re: Pix 515 running OS7.04 connection problems

This message is logged when the firewall discards a TCP packet that has no associated connection in the firewall unit's connection table. The firewall looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is not an existing connection, the firewall discards the packet.

In some instances if the connection timesout after a little bit but the application still thinks that its up then we can change the Default connection timeout through the PIX to something higher then the default of One hour.

New Member

Re: Pix 515 running OS7.04 connection problems

I believe there is a bug on this. Check out some earlier posts on similar issues.

I believe the bug ID is CSCef38784.

DC

134
Views
0
Helpful
2
Replies