The packet seems to pass after 4 retry, always 4, a clue?

Hi,

My customer has a problem with an outgoing connection, from inside to outside. The outside server (Apache w/ OpenSSL) uses port 80 and encrypts the payload.

In the PIX, we have deactivated HTTP fixup and removed Websense, and we still have the same problem.

Here is the sequence of this problem:

1. The internal client builds the TCP connection, which looks perfect. (Both SYN and ACK are correct.)

2. The internal client sends the HTTP GET request.

3. The outside server replies HTTP 200 1.1... and sends a bunch of encrypted data, followed immediately by a FIN packet.

4. Tracing just before the PIX, we see both packets (data & FIN).

5. In the PIX's log, there isn't any deny.

6. The client receives the FIN packet, not the data.

7. The client informs the server with a selective ACK that it has not received the data.

8. Of course, the outside server ignores this SACK because the data was already sent.

9. After 4 standard TCP timeouts and retransmits (+3 sec, +6 sec, +12 sec and finally +24 sec), which means approx. 50 sec, the PIX lets the data packet pass through.

10. The client sends FIN to close the connection.

Why does it take 5 packets (initial + 4 retries)?

Do you have any clues?

Regards

Ben
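The reply below asks for sniffer traces on both sides of the PIX; the following is an added example (not code from the thread or from Cisco) showing how such a pair of captures can be correlated to confirm on which transmission a segment actually reached the inside, and whether the retry spacing matches the 3/6/12/24 second backoff described above. The captures, sequence numbers and timestamps are constructed to mirror the post, and both captures are assumed to share one clock (a small skew tolerance absorbs minor offsets).

```python
# Constructed outside-the-PIX capture, mirroring the post's timeline:
# data at t=0, FIN right after, then retries backing off 3, 6, 12, 24 s.
# Each tuple: (time_s, tcp_seq, note) for server->client segments.
OUTSIDE = [
    (0.00, 1,    "HTTP 200 + encrypted data"),
    (0.01, 1401, "FIN"),
    (3.00, 1,    "retry 1"),
    (9.00, 1,    "retry 2"),
    (21.00, 1,   "retry 3"),
    (45.00, 1,   "retry 4"),
]
# Constructed inside capture: FIN arrives at once, data only on retry 4.
INSIDE = [
    (0.01, 1401, "FIN"),
    (45.00, 1,   "data finally seen by client"),
]


def correlate(outside, inside, skew=0.5):
    """Map each seq sent outside to (attempt_that_passed, delay_s), or
    (None, None) if the inside capture never shows it. Attempt 1 is the
    original transmission. Assumption: captures share one clock; `skew`
    (seconds) absorbs small timestamp offsets between the two sniffers."""
    first_inside = {}
    for t, seq, _ in inside:
        first_inside.setdefault(seq, t)
    sent = {}
    for t, seq, _ in outside:
        sent.setdefault(seq, []).append(t)
    report = {}
    for seq, times in sent.items():
        times.sort()
        if seq not in first_inside:
            report[seq] = (None, None)
            continue
        t_in = first_inside[seq]
        # count transmissions that left the server clearly before the one seen inside
        earlier = sum(1 for t in times if t < t_in - skew)
        report[seq] = (earlier + 1, round(t_in - times[0], 2))
    return report


def retransmit_gaps(capture, seq):
    """Seconds between successive transmissions of one seq (RTO backoff check)."""
    times = sorted(t for t, s, _ in capture if s == seq)
    return [round(b - a, 2) for a, b in zip(times, times[1:])]


if __name__ == "__main__":
    for seq, (attempt, delay) in correlate(OUTSIDE, INSIDE).items():
        print(f"seq {seq}: passed on attempt {attempt}, {delay}s after first send")
    print("backoff between retries of seq 1:", retransmit_gaps(OUTSIDE, 1))
```

Running the same correlation on real captures, with the segment of interest filtered by sequence number, gives a per-segment count that either confirms or refutes the "always the 4th retry" pattern.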

1 REPLY

Re: The packet seems to pass after 4 retry, always 4, a clue?

Hello Ben,

I would be interested to see the show tech/syslog and the sniffer traces on both the inside and outside of the PIX. I have sent an e-mail offline; please respond back with the required info. Thanks,

Mynul
