09-05-2002 07:28 AM - edited 02-20-2020 10:13 PM
Let's assume that there is a connection in the state table for the following:
Inside IP 1.1.1.1
Inside Port 4444
Outside IP 2.2.2.2
Outside Port 443
Basically we have an inside client, 1.1.1.1, connected to an outside SSL server, 2.2.2.2, and the source port is 4444.
If the client sends a TCP RST, does the PIX automatically reset the connection and is all subsequent traffic from 2.2.2.2 443 to 1.1.1.1 4444 blocked by the PIX due to no connection in the state table?
Thank you,
Kevin
09-05-2002 08:03 AM
The PIX will not reset the connection, but forward the packet to the destination IP address (2.2.2.2). The entry in the state table will be removed and subsequent packets related to this session (which should not occur) are denied.
09-05-2002 08:14 AM
I guess my wording was not clear; what I meant to ask is whether the PIX will remove the connection from the state table, which you answered. But do I have to specifically configure the PIX to send TCP Resets?
Basically I am capturing traffic and seeing the inside host send a RST packet. The PIX then removes the connection but I then see return traffic (ACK packets) that is denied from the server in the syslog messages.
Kevin
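The behaviour described in the reply above, as an added example that is not part of the original thread and is not PIX code: a simplified model of a connection table in which an RST is forwarded, the entry is removed, and a server ACK that was already in flight is then denied. The `StateTable` class, its verdict strings, and the packet trace are constructed for illustration; the model assumes any RST on a tracked connection removes the entry and does no sequence-number checking.

```python
from dataclasses import dataclass, field

# Hypothetical simplified model of a stateful firewall's connection table.
@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset

def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))

@dataclass
class StateTable:
    inside_hosts: set
    conns: set = field(default_factory=set)

    def _key(self, p):
        # Normalise to (inside ip, inside port, outside ip, outside port)
        if p.src in self.inside_hosts:
            return (p.src, p.sport, p.dst, p.dport)
        return (p.dst, p.dport, p.src, p.sport)

    def process(self, p):
        key = self._key(p)
        outbound = p.src in self.inside_hosts
        if key not in self.conns:
            # Only an outbound SYN may create state in this model
            if outbound and p.flags == frozenset({"SYN"}):
                self.conns.add(key)
                return "forward"
            return "deny (no connection)"
        if "RST" in p.flags:
            # The RST is passed on to its destination and the entry is dropped
            self.conns.discard(key)
            return "forward, entry removed"
        return "forward"

def replay():
    # Constructed trace using the addresses and ports from the question
    fw = StateTable(inside_hosts={"1.1.1.1"})
    trace = [
        pkt("1.1.1.1", 4444, "2.2.2.2", 443, "SYN"),
        pkt("2.2.2.2", 443, "1.1.1.1", 4444, "SYN", "ACK"),
        pkt("1.1.1.1", 4444, "2.2.2.2", 443, "ACK"),
        pkt("1.1.1.1", 4444, "2.2.2.2", 443, "RST"),
        pkt("2.2.2.2", 443, "1.1.1.1", 4444, "ACK"),  # sent before the RST arrived
    ]
    return [fw.process(p) for p in trace]
```

The final verdict in the trace corresponds to the denied return ACKs seen in the syslog: the server sent them before the client's RST reached it, and by the time they arrive the entry is gone.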