Cisco Support Community
New Member

PIX handling of TCP Resets

Let's assume that there is a connection in the state table for the following:

Inside IP 1.1.1.1

Inside Port 4444

Outside IP 2.2.2.2

Outside Port 443

Basically we have an inside client, 1.1.1.1, connected to an outside SSL server, 2.2.2.2, and the source port is 4444.

If the client sends a TCP RST, does the PIX automatically reset the connection and is all subsequent traffic from 2.2.2.2 443 to 1.1.1.1 4444 blocked by the PIX due to no connection in the state table?

Thank you,

Kevin

2 REPLIES
New Member

Re: PIX handling of TCP Resets

The PIX will not reset the connection, but forward the packet to the destination IP address (2.2.2.2). The entry in the state table will be removed and subsequent packets related to this session (which should not occur) are denied.

Anonymous
N/A

Re: PIX handling of TCP Resets

I guess my wording was not clear. What I meant to ask is whether the PIX will remove the connection from the state table, which you answered. But do I have to specifically configure the PIX to send TCP Resets?

Basically I am capturing traffic and seeing the inside host send a RST packet. The PIX then removes the connection but I then see return traffic (ACK packets) that is denied from the server in the syslog messages.

Kevin
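The sequence discussed in this thread (a client RST is forwarded, the state entry is removed, and later server ACKs are denied) can be reproduced with a small model. This is an added example, not part of the original posts and not PIX code; the `StateTable` class, the verdict strings and the packet trace are constructed for illustration, and the model ignores FIN handling, sequence numbers and timeouts.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str         # "S", "SA", "A", "R", ...
    from_inside: bool  # True if the packet arrived on the inside interface


class StateTable:
    """Toy stateful-firewall connection table (hypothetical model)."""

    def __init__(self):
        # Entries: (inside_ip, inside_port, outside_ip, outside_port)
        self.conns = set()

    @staticmethod
    def key(p):
        if p.from_inside:
            return (p.src, p.sport, p.dst, p.dport)
        return (p.dst, p.dport, p.src, p.sport)

    def process(self, p):
        k = self.key(p)
        if k not in self.conns:
            # In this model only an inside-initiated SYN creates state.
            if p.from_inside and p.flags == "S":
                self.conns.add(k)
                return "forward (connection built)"
            return "deny (no connection)"
        if "R" in p.flags:
            # The RST itself is passed on; the firewall does not generate one.
            self.conns.discard(k)
            return "forward (connection torn down)"
        return "forward"


def replay(packets):
    table = StateTable()
    return [table.process(p) for p in packets]


CLIENT, SERVER = ("1.1.1.1", 4444), ("2.2.2.2", 443)
def outbound(flags): return Packet(*CLIENT, *SERVER, flags, True)
def inbound(flags): return Packet(*SERVER, *CLIENT, flags, False)

# Constructed trace: handshake, client RST, then two late ACKs from the server.
TRACE = [outbound("S"), inbound("SA"), outbound("A"),
         outbound("R"), inbound("A"), inbound("A")]
```

Calling `replay(TRACE)` returns one verdict per packet; the last two entries correspond to the denied return traffic seen in the syslog.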
