Re: Syslog message about inside interface of PIX

j.joe · ‎09-16-2001

After upgraded from v5.3 to v6.0, I found the following log messages:

<166>Sep 14 2001 15:35:45: %PIX-6-106015: Deny TCP (no connection) from 192.168.140.63/139 to 192.168.140.61/1507 flags PSH ACK on interface inside

<166>Sep 14 2001 15:35:48: %PIX-6-106015: Deny TCP (no connection) from 192.168.140.63/139 to 192.168.140.61/1507 flags RST on interface inside

<166>Sep 14 2001 15:35:54: %PIX-6-106015: Deny TCP (no connection) from 192.168.140.63/139 to 192.168.140.61/1507 flags RST on interface inside

<166>Sep 14 2001 15:36:13: %PIX-6-302005: Built UDP connection for faddr 203.194.171.227/137 gaddr 203.194.171.243/137 laddr 192.168.140.243/137

Please note that the inside address of 192.168.140.61 maps to 203.194.171.227 and 192.168.140.243 maps to 203.194.171.243.

It is difficult for myself to explain why inside traffic is blocked or making connection on outside instead of inside.

Anyone can help to explain this? Or help to fix the problem?

Many Thanks.

bstremp · ‎09-20-2001

Deny TCP (no connection) simply means the PIX has not built a valid state to allow this TCP connection. It needs to see a SYN and a SYN ACK to allow the TCP connection). If this happened immediately after your upgrade, there may have been a state established prior that was lost during the upgrade. If it’s still happening regularly, it’s either a bug in 6.0 (I couldn’t find one using bug tracker) or maybe shutting down the PIX will for a few minutes will force these windows box’s (139 TCP is NetBios) to realize the connection has terminated. The destination machine isn’t even getting the RST but should reset itself after a few minutes anyway. Finally, try holding the connection state open longer with the “sysopt connection timewait” command.