PIX running 7.2(2) not allowing access to one website...

rmundy · ‎05-16-2007

We're running 7.2(2) on a PIX 525. We can't seem to access one website. No deny messages show up in the syslog, just a TCP reset message.

2007-05-16 13:40:05 Local4.Info inet-pix May 16 2007 13:40:05: %PIX-6-302014: Teardown TCP connection 673938 for outside:207.46.248.109/80 to inside:10.x.x.x/3777 duration 0:01:01 bytes 1274 TCP Reset-I

I found one article on CISCO's website that referenced an issue with large MSS, but that doesn't seem to be the problem. Any ideas?

joshua.walton · ‎05-17-2007

Please post your config.

Btw, You didnt have to hide "inside:10.x.x.x/3777" as it wont be reachable from the outside anyway. ;o)

rmundy · ‎05-18-2007

I know I didn't, but I just felt better doing it. I've attached the config.

zulqurnain · ‎05-22-2007

hello

as what i know and seen, TCP Reset-1 message appears when the remote host rejects or send a malformed packet reply

also did you try connecting from outside to this site at the same time when you had the problem, this might give you a clue.

HTH, please rate it

rmundy · ‎05-23-2007

I've tried it from outside and don't see the TCP-Reset. But the only hosts that seem to be able to access the site are the ones I've got setup with a static translation. Can a single IP address be used as a static translation for multiple IPs?