Pix connection error

bth_dad · ‎09-11-2003

I have two servers, one in my DMZ and one on the internal network. All IP traffic is allowed between the DMZ and the internal network. These two servers talk just fine for most of the time, but when they need to set up a particular connection, the connection times out. This is what is logged in the Pix for this connection:

302013: Built outbound TCP connection 32328306 for DMZ:10.1.241.72/80 (10.1.241.72/80) to inside:10.1.253.16/3259 (10.1.253.16/3259)

302014: Teardown TCP connection 32328306 for DMZ:10.1.241.72/80 to inside:10.1.253.16/3259 duration 0:00:05 bytes 679 TCP FINs

Any one familiar with this? Why does the pix just shut it down? This is not the first time I have seen this error.

Thanks

Todd

scoclayton · ‎09-11-2003

Todd,

The PIX is tearing the connection down because we saw the TCP FIN transaction (FIN, FIN-ACK, ACK) occur between the two hosts. So, to answer your question, the PIX is not shutting anything down. Looks like the application is the one closing the connection. The last part of the teardown message will always tell you why the PIX is removing the conn from the conn table. Hope this helps.

Scott

jmia · ‎09-11-2003

Todd,

Scott just beat me to it, but what scott said is correct - the clue here is 'TCP FINs' here's a link to explain:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/syslog/pixemsgs.htm#12543

Hope this helps - Jay