12-05-2006 11:00 AM - edited 03-11-2019 02:04 AM
Hi Everyone,
My firewall: PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz, Software Version 7.0(4)
My BIG problem:
In a "particular condition", in answer to a SYN ACK, the PIX sends a RST ACK to the server with a SEQ number 1 HIGHER than it should be.
Example:
Source : 10.26.50.1 (server) Destination : 10.246.66.227 (client)
Source Port : 80 () Destination Port: 1414 ()
Sequence Number : 2191510856 Ack Number: 680687843
Header Length : 24 Flags: Ack Syn
Source : 10.246.66.227 (client) Destination : 10.26.50.1 (server)
Source Port : 1414 () Destination Port: 80 ()
Sequence Number : 680687844 Ack Number: 2191510857
Header Length : 20 Flags: Ack Rst
Source : 10.26.50.1 (server) Destination : 10.246.66.227 (client)
Source Port : 80 () Destination Port: 1414 ()
Sequence Number : 2191510857 Ack Number: 680687843
Header Length : 24 Flags: Ack Syn
Source : 10.246.66.227 (client) Destination : 10.26.50.1 (server)
Source Port : 1414 () Destination Port: 80 ()
Sequence Number : 680687844 Ack Number: 2191510858
Header Length : 20 Flags: Ack Rst
The server ignores this and sends out the ACK SYN again and this looping condition continues.
The logging (level 7) on the PIX looks like this:
PIX- %PIX-6-106015: Deny TCP (no connection) from 10.26.50.1/80 to 10.246.66.227/1414 flags SYN ACK on interface inside
PIX- %PIX-6-106015: Deny TCP (no connection) from 10.26.50.1/80 to 10.246.66.227/1414 flags SYN ACK on interface inside
PIX- %PIX-6-106015: Deny TCP (no connection) from 10.26.50.1/80 to 10.246.66.227/1414 flags SYN ACK on interface inside
PIX- %PIX-6-106015: Deny TCP (no connection) from 10.26.50.1/80 to 10.246.66.227/1414 flags SYN ACK on interface inside
...
Help me please ...
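To make the off-by-one in the post concrete, here is a small checker (added example, not code from the thread or from Cisco) that pairs each SYN ACK with the RST that answers it and compares the RST's numbers with what RFC 793 prescribes: a RST answering an ACK-bearing segment uses seq = that segment's ack, and since it also acknowledges the SYN, ack = that segment's seq + 1. The sample segments are constructed from the numbers quoted above; the Segment class and function names are my own.

```python
from dataclasses import dataclass

MOD = 1 << 32  # TCP sequence space wraps at 2**32


@dataclass(frozen=True)
class Segment:  # hypothetical minimal TCP segment record
    src: str
    dst: str
    sport: int
    dport: int
    seq: int
    ack: int
    flags: frozenset


def expected_rst(syn_ack):
    """RFC 793 values for a RST that answers this SYN ACK: (seq, ack)."""
    return syn_ack.ack, (syn_ack.seq + 1) % MOD


def _signed(delta):
    """Map a mod-2**32 difference onto the nearest signed value."""
    return delta - MOD if delta >= MOD // 2 else delta


def check_rst(syn_ack, rst):
    """How far the observed RST's seq/ack are from the conforming values (0 = ok)."""
    exp_seq, exp_ack = expected_rst(syn_ack)
    return {"seq_delta": _signed((rst.seq - exp_seq) % MOD),
            "ack_delta": _signed((rst.ack - exp_ack) % MOD)}


def find_bad_resets(segments):
    """Pair each SYN ACK with the next RST on the reversed 4-tuple; report mismatches."""
    findings = []
    for i, s in enumerate(segments):
        if s.flags != frozenset({"SYN", "ACK"}):
            continue
        for r in segments[i + 1:]:
            if "RST" in r.flags and (r.src, r.sport, r.dst, r.dport) == (s.dst, s.dport, s.src, s.sport):
                d = check_rst(s, r)
                if d["seq_delta"] or d["ack_delta"]:
                    findings.append({"syn_ack_seq": s.seq, "rst_seq": r.seq, **d})
                break  # only the first RST answers this SYN ACK
    return findings


# Constructed from the four segments quoted in the post (server 10.26.50.1:80, client 10.246.66.227:1414).
SAMPLE = [
    Segment("10.26.50.1", "10.246.66.227", 80, 1414, 2191510856, 680687843, frozenset({"SYN", "ACK"})),
    Segment("10.246.66.227", "10.26.50.1", 1414, 80, 680687844, 2191510857, frozenset({"RST", "ACK"})),
    Segment("10.26.50.1", "10.246.66.227", 80, 1414, 2191510857, 680687843, frozenset({"SYN", "ACK"})),
    Segment("10.246.66.227", "10.26.50.1", 1414, 80, 680687844, 2191510858, frozenset({"RST", "ACK"})),
]
```

Running `find_bad_resets(SAMPLE)` flags both RSTs with seq_delta 1 and ack_delta 0, i.e. the ACK number is right but the RST's sequence number is one higher than the SYN ACK's acknowledgement number, which is why the server does not accept the reset and keeps retransmitting.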
Accepted Solutions
12-07-2006 10:46 AM
Are you using the SSM-CSC module in this unit?
Look at the ASA722 release notes. I think one of the caveats it fixes is packets not being reconstructed in proper order. This could be what you're seeing.