
Deny TCP (no connection)

rmg
Level 1

I have an ACL that allows inbound traffic for TCP port 1026. My syslog server says that the firewall is denying access in.

Deny TCP (no connection) from x.x.x.x/1308 to x.x.x.x/1026 flags PSH ACK on interface outside

This was working fine. Any ideas?

3 Replies

geoffry
Level 1

The "no connection" usually means that there was a TCP teardown on the NAT session prior to that error. Is there a teardown in your logs?

No, there isn't. This was working for about 4 months and now has stopped.

I've opened all incoming TCP, UDP and IP from this host and I still get this error.

Could the remote site have something to do with this?

I think the reason that the incoming packet was denied is because, most likely, the packet was part of an established connection and it just arrived out of order or excessively delayed.

Remember that the PIX allows only packets pertaining to an entry in its state table - even with a "permit ip" access list.

Hope that helped ...

Mustafa
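
Added example, not part of the thread: a way to run the check asked for above, pairing each "Deny TCP (no connection)" line with any earlier "Teardown TCP connection" line for the same flow. The sample log lines are constructed with documentation addresses, and the script assumes both messages show the same addresses (no NAT difference between them).

```python
import re

# Constructed sample lines (documentation addresses), modelled on the PIX
# "Teardown TCP connection" and "Deny TCP (no connection)" syslog messages.
SAMPLE_LOG = """\
Jan 10 09:15:01 fw %PIX-6-302014: Teardown TCP connection 4411 for outside:198.51.100.7/1308 to inside:192.0.2.10/1026 duration 0:04:12 bytes 5120 TCP FINs
Jan 10 09:15:03 fw %PIX-6-106015: Deny TCP (no connection) from 198.51.100.7/1308 to 192.0.2.10/1026 flags PSH ACK on interface outside
Jan 10 09:20:44 fw %PIX-6-106015: Deny TCP (no connection) from 198.51.100.9/2200 to 192.0.2.10/1026 flags PSH ACK on interface outside
"""

TEARDOWN = re.compile(
    r"Teardown TCP connection \d+ for \S+?:(?P<a>[\d.]+)/(?P<ap>\d+) "
    r"to \S+?:(?P<b>[\d.]+)/(?P<bp>\d+) duration \S+ bytes \d+\s*(?P<reason>.*)")
DENY = re.compile(
    r"Deny TCP \(no connection\) from (?P<src>[\d.]+)/(?P<sp>\d+) "
    r"to (?P<dst>[\d.]+)/(?P<dp>\d+) flags (?P<flags>.+?) on interface (?P<ifc>\S+)")


def flow_key(ip1, port1, ip2, port2):
    """Direction-independent key for a TCP flow."""
    return frozenset([(ip1, int(port1)), (ip2, int(port2))])


def classify_denies(log_text):
    """Return one dict per deny, noting whether a teardown for that flow came first."""
    torn_down = {}  # flow key -> reason text from the teardown line
    results = []
    for line in log_text.splitlines():
        m = TEARDOWN.search(line)
        if m:
            key = flow_key(m["a"], m["ap"], m["b"], m["bp"])
            torn_down[key] = m["reason"].strip()
            continue
        m = DENY.search(line)
        if m:
            key = flow_key(m["src"], m["sp"], m["dst"], m["dp"])
            results.append({
                "src": f'{m["src"]}/{m["sp"]}',
                "dst": f'{m["dst"]}/{m["dp"]}',
                "flags": m["flags"],
                "prior_teardown": key in torn_down,
                "teardown_reason": torn_down.get(key),
            })
    return results


if __name__ == "__main__":
    for entry in classify_denies(SAMPLE_LOG):
        print(entry)
```

A deny with `prior_teardown` set is a late packet for a connection the firewall had already closed; one without it means the firewall logged no state for that flow in the period examined.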