https://community.cisco.com/t5/network-security/client-sending-tcp-resets/m-p/833351#M969699 <P>-----</P><P>update</P><P>-----</P><P>i guess the client is just doing what it is suppose to do when you have a routing loop and the client is getting a syn instead of a syn-ack</P><P>case closed <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>-----------</P><P></P><P>I have a recently created FWSM context. Currently i have a rule says.</P><P>"any host x.x.x.x any". I am able to send udp or icmp to that host but any attempts to send tcp to that host results in a tcp reset being sent from the client. example</P><P></P><P>(inside host) tcp ftp syn</P><P>(outside host) tcp ftp ack</P><P>(inside host) tcp ftp rst</P><P></P><P>then the outside host tries to complet the connection build, but its rejected by the firewall because the connection is no longer in the state table.</P><P>This happens with any client that I use on this firewall context. also if I move this client to another firewall context this does not happen. has anyone seen this behavior before? what causes the client to send the tcp reset?</P><P></P><P>FWSM Firewall Version 3.1(4) &lt;context&gt;</P><P>Device Manager Version 5.0(2)F</P><P></P> Mon, 11 Mar 2019 11:09:27 GMT BARRY GROSS 2019-03-11T11:09:27Z https://community.cisco.com/t5/network-security/client-sending-tcp-resets/m-p/833351#M969699 <P>-----</P><P>update</P><P>-----</P><P>i guess the client is just doing what it is suppose to do when you have a routing loop and the client is getting a syn instead of a syn-ack</P><P>case closed <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>-----------</P><P></P><P>I have a recently created FWSM context. Currently i have a rule says.</P><P>"any host x.x.x.x any". I am able to send udp or icmp to that host but any attempts to send tcp to that host results in a tcp reset being sent from the client. example</P><P></P><P>(inside host) tcp ftp syn</P><P>(outside host) tcp ftp ack</P><P>(inside host) tcp ftp rst</P><P></P><P>then the outside host tries to complet the connection build, but its rejected by the firewall because the connection is no longer in the state table.</P><P>This happens with any client that I use on this firewall context. also if I move this client to another firewall context this does not happen. has anyone seen this behavior before? what causes the client to send the tcp reset?</P><P></P><P>FWSM Firewall Version 3.1(4) &lt;context&gt;</P><P>Device Manager Version 5.0(2)F</P><P></P> Mon, 11 Mar 2019 11:09:27 GMT https://community.cisco.com/t5/network-security/client-sending-tcp-resets/m-p/833351#M969699 BARRY GROSS 2019-03-11T11:09:27Z https://community.cisco.com/t5/network-security/client-sending-tcp-resets/m-p/833352#M969700 <HTML><HEAD></HEAD><BODY><P></P><P></P><P>Hi,</P><P>What type of ftp are u trying to do ?</P><P>the client is located in the inside and the server is located at the outside .</P><P></P><P>Have u got the fixups enabled or diabled ?</P><P>if it is disabled this can be a cause for the problem </P><P>To check for detailed info have u run the captures on the firewall ?</P><P>Also have u checked the syslog messages at the debugging level? It might give u an idea why the cleint is sending the reset message ?</P><P></P><P>Raj</P><P></P><P></P></BODY></HTML> Thu, 13 Sep 2007 06:09:51 GMT https://community.cisco.com/t5/network-security/client-sending-tcp-resets/m-p/833352#M969700 rajbhatt 2007-09-13T06:09:51Z