Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
334
Views
0
Helpful
3
Replies

connection problems since upgrade to ver 7.01

pbendall
Level 1
Level 1

‎07-15-2005 05:30 AM - edited ‎03-09-2019 11:51 AM

I have connection problems to some sites since upgrading my pix 525 to version 7.01.

Syslog message is

106001:inbound TCP connection denied from 192.168.13.29/36973 to 194.177.x.x/80 flags SYN on interface inside.

These sites are used daily and have worked successfully for sometime when the pix was version 6.3.4.

I put a pix 515 with version 6.3.4 in place of the pix 525 and connection to the sites are ok.

In addition incoming connection from some sites are rejected since the upgrade. I have applied a workaround by removing the ip verify reverse-path interface outside command and adding service resetinbound commands.

Is this a known problem as I dont want to revert back to 6.3.4

Thanks

Pete

Labels:
0 Helpful
3 Replies 3

owillins
Level 6
Level 6

‎07-21-2005 06:38 AM

Error Message %PIX-2-106001: Inbound TCP connection denied from IP_address/port to IP_address/port flags tcp_flags on interface interface_name

This is a connection-related message. This message occurs when an attempt to connect to an inside address is denied by your security policy. Possible tcp_flags values correspond to the flags in the TCP header that were present when the connection was denied. For example, a TCP packet arrived for which no connection state exists in the PIX Firewall, and it was dropped. The tcp_flags in this packet are FIN and ACK.

The tcp_flags are as follows:

The acknowledgment number was received.

Data was sent.

The receiver passed data to the application.

The connection was reset.

Sequence numbers were synchronized to start a connection.

The urgent pointer was declared valid.

0 Helpful

boshoff
Level 1
Level 1

‎08-10-2005 12:28 AM

Hi Pete,

are you using the 'any' statement for access to these sites? Since we've upgraded to 7.01 the any address get's translated to something else than 0.0.0.0 but you only see this when you choose 'show detail' in the ASDM. in the access list it will still show 'any' but in ADSM it shows 192.168.11.0/24 in stead of 0.0.0.0...

Harry

0 Helpful

s.uslay
Level 1
Level 1

‎08-29-2005 09:34 PM

did you guys solve this ? I have the same problem with V7.0(1)2 .

regards

Serhat

0 Helpful
Customers Also Viewed These Support Documents