Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
230
Views
0
Helpful
1
Replies

Pix TCP Resets

jmcmasters
Level 1
Level 1

‎01-23-2006 05:50 AM - edited ‎02-21-2020 12:39 AM

I have a Pix 525 with multiple DMZ's. Behind one of the DMZ's lies my public interface of a traffic mitigation server. Fron this interface the server sends out TCP resets for P2P traffic to save upstream bandwidth. I am seeing that the pix is preventing alot of these resets as when I remove the server from behind the firewall I can see the resets. Is there something that I need to add to allow these connections out? Or is there debugs I can run to see these being stopped?

Thanks

Jeremy

0 Helpful
1 Reply 1

wong34539
Level 6
Level 6

‎01-27-2006 11:02 AM

The TCP reset action is only appropriate as an action selection on those signatures associated with a TCP-based service. If selected as an action on non-TCP-based services, no action is taken. Additionally, TCP resets are not guaranteed to tear down an offending session because of limitations in the TCP protocol. Make ACL changes to block traffic on routers (or PIX Firewall or Cisco Catalyst 6000 switches) that the sensor manages, using the command and control interface

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card