Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

TCP connections being reset when traffic volume is high


I have a PIX525 running PIXOS 705.I am using a guest network appliance to PAT 300 clients. The PAT'ed traffic is connected to a DMZ interface and ACLs applied. Clients can establish connections (using SSH, IMAP, POP etc) but when the volume of traffic is large the guest appliance public IP is seen to send a TCP RESET to both internet server and client. Has anyone seen an issue like this before? And if so how was the problem resolved? A single client was moved to a different guest appliance on the same DMZ interface with the same result. When the same client was moved to a NAT box on the inside interface it worked perfectly. So the global settings of the PIX are not to blame. NAT 0 is set for the DMZ interface and the ACLs are OK.

Thanks, Piaras


Re: TCP connections being reset when traffic volume is high

Tcp connections fail when tcp stack users are exhausted.The only way out is to reduce the amount of traffic sent out by the clients.The packets might be dropped due to RED policy on routers.

Community Member

Re: TCP connections being reset when traffic volume is high


The problem was only observed with the puTTy SSH client. The client worked perfectly. Even though I was using NAT 0 on the dmz interface for traffic originating from the NAT gateway the PIX still randomises TCP sequence numbers. Using NAT 0 plus norandomseq has caused fewer TCP RESETS being issued by the NAT gateway when clients are using puTTy SSH.

CreatePlease to create content