Hi,
We have an application running between 2 custom proxy servers with a PIX
between them. The application runs fine when both proxies are on the same
LAN.
It stops working when we insert the PIX.
Access-group allows everything; inside device is translated on the outside:
static (inside,outside) 172.20.0.95 172.20.0.95 netmask 255.255.255.255 0 0
When we put a debug packet we can see:
1***172.20.0.95 SYN to 172.19.8.146 on the inside
2***PIX forwarding the 172.20.0.95 SYN to 172.19.8.146 on the outside
(using its own sequence number)
3***172.19.8.146 SYNACK to 172.20.0.95 on the outside
4***PIX forwarding the 172.19.8.146 SYNACK to 172.20.0.95 on the inside
5***172.20.0.95 ACK to 172.19.8.146
6**** But we don't see the PIX forwarding the last ACK on the outside.
We suspect that it is dropped by the PIX intrusion-protection mechanism.
Can anyone tell me if they see something wrong with the last packet,
explaining why it is dropped?
And can this be bypassed through some PIX tweaking?
See the debug packet trace in the attachment.
Thanks
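
The seq/ack consistency that a stateful firewall expects from the handshake traced above can be checked across the inside and outside captures. This is an added example, not part of the original post. The function name, the input layout and all sequence numbers are constructed, and it assumes the firewall rewrites only the inside host's initial sequence number (ISN).

```python
MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits


def check_handshake(inside, outside):
    """Return a list of inconsistencies in a 3-way handshake seen on both
    firewall interfaces. Each packet is a (seq, ack) tuple (hypothetical
    layout). Assumes only the inside host's ISN is rewritten."""
    findings = []
    syn_in, synack_in, ack_in = inside["syn"], inside["synack"], inside["ack"]
    syn_out, synack_out = outside["syn"], outside["synack"]

    # Offset the firewall added to the inside host's ISN (step 2 of the trace).
    offset = (syn_out[0] - syn_in[0]) % MOD

    # Step 3: the outside peer must acknowledge the rewritten ISN + 1.
    if synack_out[1] != (syn_out[0] + 1) % MOD:
        findings.append("outside SYN-ACK does not ack rewritten ISN+1")
    # Step 4: the firewall must remove the same offset before forwarding.
    if (synack_out[1] - synack_in[1]) % MOD != offset:
        findings.append("SYN-ACK ack not translated back by the ISN offset")
    if synack_in[0] != synack_out[0]:
        findings.append("peer ISN changed across the firewall")
    # Step 5: the final ACK must be seq = own ISN+1, ack = peer ISN+1.
    if ack_in[0] != (syn_in[0] + 1) % MOD:
        findings.append("final ACK seq is not inside ISN+1")
    if ack_in[1] != (synack_in[0] + 1) % MOD:
        findings.append("final ACK does not ack peer ISN+1")
    return findings


# Constructed sample values (not taken from the attached trace).
# The inside ISN sits at the 32-bit boundary to exercise wraparound.
GOOD_INSIDE = {"syn": (0xFFFFFFFF, 0), "synack": (5000, 0), "ack": (0, 5001)}
GOOD_OUTSIDE = {"syn": (0x1000, 0), "synack": (5000, 0x1001)}
# Same handshake, but the final ACK acknowledges the wrong byte.
BAD_INSIDE = dict(GOOD_INSIDE, ack=(0, 5000))

if __name__ == "__main__":
    print(check_handshake(GOOD_INSIDE, GOOD_OUTSIDE))
    print(check_handshake(BAD_INSIDE, GOOD_OUTSIDE))
```

An empty list means the last ACK is consistent with the handshake as seen on the inside, so the cause of the drop would have to be looked for elsewhere.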