TCP connections being reset when traffic volume is high
I have a PIX525 running PIXOS 705. I am using a guest network appliance to PAT 300 clients. The PAT'ed traffic is connected to a DMZ interface and ACLs are applied. Clients can establish connections (using SSH, IMAP, POP etc.), but when the volume of traffic is large the guest appliance public IP is seen to send a TCP RESET to both the internet server and the client. Has anyone seen an issue like this before? And if so, how was the problem resolved? A single client was moved to a different guest appliance on the same DMZ interface with the same result. When the same client was moved to a NAT box on the inside interface it worked perfectly. So the global settings of the PIX are not to blame. NAT 0 is set for the DMZ interface and the ACLs are OK.
Re: TCP connections being reset when traffic volume is high
The problem was only observed with the PuTTY SSH client. The SSH.com client worked perfectly. Even though I was using NAT 0 on the DMZ interface for traffic originating from the NAT gateway, the PIX still randomises TCP sequence numbers. Using NAT 0 plus norandomseq has resulted in fewer TCP RESETs being issued by the NAT gateway when clients are using PuTTY SSH.