
firewall connection log

suthomas1
Level 6

Would need advice on the attached logs from a connection, obtained by tcpdump on a firewall.

46.56.76.34 is our global IP, which is NATed on the device. The private IP for this hosts a website, which is inaccessible.

202.94.66.21 is the internet IP used to check if the site is reachable.

Please suggest what these logs indicate.

Thanks!

2 Replies

Herbert Baerten
Cisco Employee

The capture shows the client (202.94.66.21) sending a TCP SYN, followed by 46.56.76.34 sending a TCP RST.

This means that either the NAT is not configured properly, or the access-list is not permitting the inbound traffic, or the traffic goes through but the server is not listening to port 443.

Check the syslogs, check the same capture on the inside interface, check if you can connect to the server (on its private IP address) from a client on the inside.

The logs which are attached in the notepad give me a feeling that when a connection is initiated from 202.94.66.21 to 46.56.76.34 on port 443, the server, which is 46.56.76.34, is replying with a RST packet. So this could be the server is not listening on port 443.
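The outside-versus-inside capture comparison suggested in the replies can be scripted. The following is an added example, not part of the original thread: it parses `tcpdump -nn` text output from both interfaces and reports whether the RST came from the server or whether the SYN never got past the firewall. The private address 10.0.0.10, the function names and the capture lines are constructed assumptions.

```python
import re

# One line of `tcpdump -nn` text output: "... IP src.sport > dst.dport: Flags [x], ..."
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]")

def parse(capture):
    """Return (src, sport, dst, dport, flags) for every TCP line in the capture text."""
    return [(m[1], int(m[2]), m[3], int(m[4]), m[5])
            for m in map(LINE.search, capture.splitlines()) if m]

def saw_syn(pkts, ip, port):
    """True if a bare SYN (tcpdump flag string "S") was sent to ip:port."""
    return any(d == ip and dp == port and f == "S" for _, _, d, dp, f in pkts)

def syn_then_rst(pkts, ip, port):
    """True if ip:port answered a client's SYN with an RST on the same 4-tuple."""
    pending = set()
    for s, sp, d, dp, f in pkts:
        if d == ip and dp == port and f == "S":
            pending.add((s, sp))
        elif s == ip and sp == port and "R" in f and (d, dp) in pending:
            return True
    return False

def triage(outside, inside, public_ip, private_ip, port=443):
    """Compare outside and inside captures to narrow down who sent the RST."""
    out, ins = parse(outside), parse(inside)
    if not syn_then_rst(out, public_ip, port):
        return "no-reset-on-outside"
    if not saw_syn(ins, private_ip, port):
        return "firewall"   # SYN never translated/forwarded: check NAT and access-list
    if syn_then_rst(ins, private_ip, port):
        return "server"     # server itself reset: nothing listening on the port
    return "inconclusive"   # SYN went in, no server RST seen: check syslogs

# Constructed sample captures; 10.0.0.10 is an assumed private address.
OUTSIDE = """\
10:15:01.100000 IP 202.94.66.21.51544 > 46.56.76.34.443: Flags [S], seq 1000, win 64240, length 0
10:15:01.100400 IP 46.56.76.34.443 > 202.94.66.21.51544: Flags [R.], seq 0, ack 1001, win 0, length 0
"""
INSIDE = """\
10:15:01.100200 IP 202.94.66.21.51544 > 10.0.0.10.443: Flags [S], seq 1000, win 64240, length 0
10:15:01.100300 IP 10.0.0.10.443 > 202.94.66.21.51544: Flags [R.], seq 0, ack 1001, win 0, length 0
"""

if __name__ == "__main__":
    print(triage(OUTSIDE, INSIDE, "46.56.76.34", "10.0.0.10"))  # server RST case
    print(triage(OUTSIDE, "", "46.56.76.34", "10.0.0.10"))      # SYN never reached inside
```

An empty inside capture only points at the firewall if the capture filter on the inside interface matches the translated (private) address rather than the public one.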
