03-02-2005 08:55 AM - edited 03-09-2019 10:30 AM
I have the weirdest thing going on. Some of our workstations CAN reach the website http://www.capwiz.com/nach and some cannot. I go to our pix and do a clear xlate and some machines are magically fixed, yet others are not able to reach the website. I have a global nat pool of about 100 addresses and one global PAT address beyond that. Any ideas would be greatly appreciated as this is a real problem for us. I don't know of any other websites that we have ever had this problem with. Thanks.
Sonny Pfeffer
Network Support Specialist I
Driscoll Children's Hospital
03-02-2005 03:12 PM
You need to find out if the connections are being established, and if so, why they are being torn down.
Check the logs and see:
1. Is the connection built? (Built outbound TCP connection
2. Is the URL being accessed? (
3. Why is the connection torn down? (Teardown TCP connection
The reason will tell you the direction and why it was torn down.
Jeff
03-03-2005 08:37 AM
It looks like the connection is being built and then immediately torn down with a result of "Reset-O". If, after trying to access the website from a certain PC and not reaching it, I immediately go to our pix and do a "clear xlate" on it, all of a sudden that machine (10.200.152.57) can reach the website. Others may still not be able to reach it. This is the strangest thing I've ever dealt with.
<190>Mar 03 2005 10:28:05: %PIX-6-302013: Built outbound TCP connection 274634 for outside:64.14.114.203/80 (64.14.114.203/80) to inside:10.200.152.57/2074 (67.67.242.253/26303)
<190>Mar 03 2005 10:28:08: %PIX-6-302014: Teardown TCP connection 274634 for outside:64.14.114.203/80 to inside:10.200.152.57/2074 duration 0:00:03 bytes 724 TCP Reset-O
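To make Jeff's checklist repeatable over a whole day of syslog instead of two lines, here is an added example (not code from this thread or from Cisco) that pairs each PIX 302013 "Built" message with its 302014 "Teardown" by connection id, computes the duration, and then reports which connections the far end reset within a few seconds and which mapped (NAT pool or PAT) address each of them was using. The message layout is assumed from the two lines posted above; the sample log embeds those two lines plus constructed ones (the second pool address 67.67.242.210 and the FIN-closed connection are made up for illustration).

```python
"""Correlate Cisco PIX 302013 (Built) / 302014 (Teardown) TCP messages.

Added example for reading the syslog evidence in this thread; not code from
the thread or from Cisco. Message layout assumed from the posted lines.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# 302013: Built <dir> TCP connection <id> for <if>:<real>/<port> (<mapped>/<port>)
#         to <if>:<real>/<port> (<mapped>/<port>)
BUILT_RE = re.compile(
    r"%PIX-6-302013: Built (?P<direction>inbound|outbound) TCP connection (?P<cid>\d+) "
    r"for (?P<if_a>\w+):(?P<real_a>[\d.]+)/(?P<rport_a>\d+) \((?P<map_a>[\d.]+)/(?P<mport_a>\d+)\) "
    r"to (?P<if_b>\w+):(?P<real_b>[\d.]+)/(?P<rport_b>\d+) \((?P<map_b>[\d.]+)/(?P<mport_b>\d+)\)"
)
# 302014: Teardown TCP connection <id> for <if>:<ip>/<port> to <if>:<ip>/<port>
#         duration h:mm:ss bytes <n> <reason>
TEARDOWN_RE = re.compile(
    r"%PIX-6-302014: Teardown TCP connection (?P<cid>\d+) for \w+:[\d.]+/\d+ to \w+:[\d.]+/\d+ "
    r"duration (?P<h>\d+):(?P<m>\d{2}):(?P<s>\d{2}) bytes (?P<nbytes>\d+) (?P<reason>.+?)\s*$"
)

# Sample input: the two lines posted in this thread, followed by constructed
# lines (second pool address 67.67.242.210 and the FIN-closed connection are made up).
SAMPLE_LOG = [
    "<190>Mar 03 2005 10:28:05: %PIX-6-302013: Built outbound TCP connection 274634 for outside:64.14.114.203/80 (64.14.114.203/80) to inside:10.200.152.57/2074 (67.67.242.253/26303)",
    "<190>Mar 03 2005 10:28:08: %PIX-6-302014: Teardown TCP connection 274634 for outside:64.14.114.203/80 to inside:10.200.152.57/2074 duration 0:00:03 bytes 724 TCP Reset-O",
    "<190>Mar 03 2005 10:29:11: %PIX-6-302013: Built outbound TCP connection 274640 for outside:64.14.114.203/80 (64.14.114.203/80) to inside:10.200.152.58/1311 (67.67.242.210/1311)",
    "<190>Mar 03 2005 10:29:13: %PIX-6-302014: Teardown TCP connection 274640 for outside:64.14.114.203/80 to inside:10.200.152.58/1311 duration 0:00:02 bytes 690 TCP Reset-O",
    "<190>Mar 03 2005 10:31:40: %PIX-6-302013: Built outbound TCP connection 274651 for outside:64.14.114.203/80 (64.14.114.203/80) to inside:10.200.152.57/2080 (67.67.242.253/26309)",
    "<190>Mar 03 2005 10:32:52: %PIX-6-302014: Teardown TCP connection 274651 for outside:64.14.114.203/80 to inside:10.200.152.57/2080 duration 0:01:12 bytes 51200 TCP FINs",
]


@dataclass
class Conn:
    cid: int
    inside_host: str               # real (pre-NAT) inside address
    global_addr: str               # mapped address the far end actually sees
    remote: str                    # outside server address
    remote_port: int
    duration: Optional[int] = None  # seconds, filled in from the Teardown line
    nbytes: Optional[int] = None
    reason: Optional[str] = None    # e.g. "TCP Reset-O", "TCP FINs"


def parse_pix_connections(lines: Iterable[str]) -> Dict[int, Conn]:
    """Pair each Built line with its Teardown by connection id."""
    conns: Dict[int, Conn] = {}
    for line in lines:
        m = BUILT_RE.search(line)
        if m:
            # The side on the inside interface carries the client and its
            # mapped (NAT/PAT) address; the other side is the far end.
            if m["if_b"] == "inside":
                inside, mapped, remote, rport = m["real_b"], m["map_b"], m["real_a"], m["rport_a"]
            else:
                inside, mapped, remote, rport = m["real_a"], m["map_a"], m["real_b"], m["rport_b"]
            cid = int(m["cid"])
            conns[cid] = Conn(cid, inside, mapped, remote, int(rport))
            continue
        m = TEARDOWN_RE.search(line)
        if m and int(m["cid"]) in conns:  # a Teardown with no Built in this window is ignored
            c = conns[int(m["cid"])]
            c.duration = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
            c.nbytes = int(m["nbytes"])
            c.reason = m["reason"]
    return conns


def short_lived_resets(conns: Dict[int, Conn], max_seconds: int = 5,
                       reason: str = "TCP Reset-O") -> List[Conn]:
    """Connections the far end reset within max_seconds: the symptom in this thread."""
    hits = [c for c in conns.values()
            if c.reason == reason and c.duration is not None and c.duration <= max_seconds]
    return sorted(hits, key=lambda c: c.cid)


def resets_by_global_addr(conns: Dict[int, Conn], reason: str = "TCP Reset-O") -> Counter:
    """Count far-end resets per mapped address, to see whether one pool entry is singled out."""
    return Counter(c.global_addr for c in conns.values() if c.reason == reason)


if __name__ == "__main__":
    conns = parse_pix_connections(SAMPLE_LOG)
    for c in short_lived_resets(conns):
        print(f"conn {c.cid}: {c.inside_host} via {c.global_addr} -> {c.remote}:{c.remote_port} "
              f"reset by far end after {c.duration}s, {c.nbytes} bytes")
    print("resets per mapped address:", dict(resets_by_global_addr(conns)))
```

Feed it the output of `show logging` or the syslog file instead of SAMPLE_LOG. If the Reset-O count clusters on particular pool addresses while PAT-mapped connections close normally, that points at how the far end treats those addresses rather than at the firewall itself, which is the direction the later replies in this thread take.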
03-03-2005 08:42 AM
Also...it seems really intermittent. Some machines CAN get to the website at one point, then can't later. I understand the "Reset-O" means the connection was reset from the outside, but I'm not sure what that means. Is it our internet router maybe? Should I be looking there? I almost think it has to do with our PIX, because the "clear xlate" seems to take care of the problem at least some of the time for some of the workstations. It's all very strange to me.
Sonny
03-03-2005 09:34 AM
Sonny,
Just as a test, can you add the following to your pix config: (in config mode)
> sysopt noproxyarp inside
Save with wr m and issue clear xlate.
And also clear the ARP table on your internet router and pix. If you have an internal LAN router that is acting as a gateway, clear the ARP on this router too.
Let me know your results.
Jay
03-03-2005 11:49 AM
I am having the same problem as the starter of this thread. It seems very random and almost such that it is a DDoS situation. It lasts for about an hour or so and then it "magically" stops. I have checked my connections and it only runs around 400 or so active connections throughout the day. I can't do a clear xlate during the day due to some VoIP phones that freak out if you kill their connection.
03-03-2005 11:57 AM
The Reset-O means the TCP reset packet came from the far end connection. I do not think it's the firewall.
Are you running ip inspection on the internet router?
Can you run "show conn foreign
Jeff
03-04-2005 08:57 AM
I have also seen this type of behavior from web sites doing reverse lookup when not all addresses had PTR records in DNS.
03-05-2005 02:59 PM
Here's what I did to remedy the situation...I originally had a NAT pool of 100 IP addresses and a single overflow address for PAT. I eliminated the NAT pool for outgoing TCP connections, so now everyone going out is using the single IP address in a PAT configuration. This seems to have resolved the issue. I'm not sure what the root cause of the problem is, except maybe the TCP connection that was being built outbound when trying to reach the website was being torn down too quickly by other outbound connections needing to get out, and the return address the outside web server was trying to reach was no longer available. I guess....it was a really frustrating issue, but it seems to be resolved.
Sonny