TCP Reset-I on FTP Service

t4tauseef33
Level 1

Hi All,

I have a PIX firewall that has two VLANs:

1) Customer

2) LAN

LAN machines are connected directly to the PIX, and the PIX firewall is the default gateway for those machines.

Customer machines are connected to a router (their default gateway), and that router is connected to the PIX firewall on the customer VLAN.

I am using active FTP over the internet.

LAN machines are using the FTP service OK, but it's not working for customer machines (authentication works, but there is no data transfer).

I got the following logs on the firewall when trying to do the FTP from a customer machine. It is TCP Reset-I. Any suggestion to solve this? The firewall already has FTP inspection and allows full access outbound but not inbound.

I got a deny packet when I typed 'dir' to get the directory list on FTP, and there it failed. Any suggestion will be a great help for me.

Jun 1 14:40:40 10.10.10.10 %PIX-6-302013: Built outbound TCP connection 529822889 for Internet:193.30.30.30/21 (193.30.30.30/21) to Customer:10.16.248.65/44774 (195.190.190.190/59103)

Jun 1 14:41:00 10.10.10.10 %PIX-6-302013: Built outbound TCP connection 529823614 for Internet:193.30.30.30/20 (193.30.30.30/20) to Customer:10.16.248.65/44781 (195.190.190.190/59981)

Jun 1 14:41:03 10.10.10.10 %PIX-6-302014: Teardown TCP connection 529823614 for Internet:193.30.30.30/20 to Customer:10.16.248.65/44781 duration 0:00:03 bytes 0 TCP Reset-I

Jun 1 14:41:03 10.10.10.10 %PIX-4-106023: Deny tcp src Internet:193.30.30.30/20 dst Customer:195.190.190.190/59981 by access-group "Internet_access_in" [0x0, 0x0]

Jun 1 14:43:41 10.10.10.10 %PIX-6-302014: Teardown TCP connection 529822889 for Internet:193.30.30.30/21 to Customer:10.16.248.65/44774 duration 0:03:01 bytes 1136 TCP Reset-O


smalkeric
Level 6

Error Message %PIX-6-302013: Built {inbound|outbound} TCP connection number for

interface_name:real_address/real_port (mapped_address/mapped_port) to

interface_name:real_address/real_port (mapped_address/mapped_port) [(user)]

Explanation A TCP connection slot between two hosts was created.

Where:

connection number is a unique identifier.

interface, real_address, real_port identify the actual sockets.

mapped_address, mapped_port identify the mapped sockets.

user is the AAA name of the user.

If inbound is specified, then the original control connection was initiated from the outside. For example, for FTP, all data transfer channels are inbound if the original control channel is inbound. If outbound is specified, then the original control connection was initiated from the inside.

Recommended Action None required.

%PIX-6-302014: Teardown TCP connection number for

interface_name:real_address/real_port to interface_name:real_address/real_port

duration time bytes number [reason] [(user)]

Explanation A TCP connection between two hosts was deleted.

Where:

connection number is a unique identifier.

interface, real_address, real_port identify the actual sockets.

time is the lifetime of the connection.

bytes number is the data transfer of the connection.

user is the AAA name of the user.

The URL below describes the list of TCP termination reasons:

http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/pixemsgs.html#wp1040111
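To make the message formats quoted in this reply concrete, here is an added example (not code from the original post, nor from Cisco) that parses the %PIX-6-302013, %PIX-6-302014 and %PIX-4-106023 lines from the question, joins build and teardown records by connection number, and attaches any ACL deny whose source matches the connection's real source socket and whose destination matches the translated (mapped) destination socket. The sample log text is the five lines from the question, embedded as constructed input; the regular expressions are my own reading of the formats quoted above and assume the field order shown there, not any Cisco-supplied parser.

```python
import re

# Constructed sample input: the five PIX syslog lines quoted in the question above.
SAMPLE_LOG = """\
Jun 1 14:40:40 10.10.10.10 %PIX-6-302013: Built outbound TCP connection 529822889 for Internet:193.30.30.30/21 (193.30.30.30/21) to Customer:10.16.248.65/44774 (195.190.190.190/59103)
Jun 1 14:41:00 10.10.10.10 %PIX-6-302013: Built outbound TCP connection 529823614 for Internet:193.30.30.30/20 (193.30.30.30/20) to Customer:10.16.248.65/44781 (195.190.190.190/59981)
Jun 1 14:41:03 10.10.10.10 %PIX-6-302014: Teardown TCP connection 529823614 for Internet:193.30.30.30/20 to Customer:10.16.248.65/44781 duration 0:00:03 bytes 0 TCP Reset-I
Jun 1 14:41:03 10.10.10.10 %PIX-4-106023: Deny tcp src Internet:193.30.30.30/20 dst Customer:195.190.190.190/59981 by access-group "Internet_access_in" [0x0, 0x0]
Jun 1 14:43:41 10.10.10.10 %PIX-6-302014: Teardown TCP connection 529822889 for Internet:193.30.30.30/21 to Customer:10.16.248.65/44774 duration 0:03:01 bytes 1136 TCP Reset-O
"""

# Field patterns taken from the message formats quoted in the reply (assumed layout):
#   interface_name:real_address/real_port   and   (mapped_address/mapped_port)
SOCK = r"(\w+):([\d.]+)/(\d+)"
MAPPED = r"\(([\d.]+)/(\d+)\)"

BUILT_RE = re.compile(
    r"%PIX-6-302013: Built (inbound|outbound) TCP connection (\d+) for "
    + SOCK + r" " + MAPPED + r" to " + SOCK + r" " + MAPPED)
TEARDOWN_RE = re.compile(
    r"%PIX-6-302014: Teardown TCP connection (\d+) for " + SOCK + r" to " + SOCK
    + r" duration (\d+:\d\d:\d\d) bytes (\d+)(?: (.*?))?\s*$")
DENY_RE = re.compile(
    r"%PIX-4-106023: Deny (\w+) src " + SOCK + r" dst " + SOCK
    + r' by access-group "([^"]+)"')


def parse_line(line):
    """Classify one syslog line into a dict; return None for messages we do not model."""
    m = BUILT_RE.search(line)
    if m:
        return {"type": "built", "direction": m.group(1), "id": m.group(2),
                "src": (m.group(3), m.group(4), int(m.group(5))),
                "src_mapped": (m.group(6), int(m.group(7))),
                "dst": (m.group(8), m.group(9), int(m.group(10))),
                "dst_mapped": (m.group(11), int(m.group(12)))}
    m = TEARDOWN_RE.search(line)
    if m:
        return {"type": "teardown", "id": m.group(1),
                "src": (m.group(2), m.group(3), int(m.group(4))),
                "dst": (m.group(5), m.group(6), int(m.group(7))),
                "duration": m.group(8), "bytes": int(m.group(9)),
                "reason": m.group(10)}   # optional [reason] field, e.g. "TCP Reset-I"
    m = DENY_RE.search(line)
    if m:
        return {"type": "deny", "proto": m.group(1),
                "src": (m.group(2), m.group(3), int(m.group(4))),
                "dst": (m.group(5), m.group(6), int(m.group(7))),
                "acl": m.group(8)}
    return None


def correlate(log_text):
    """Join build/teardown events by connection number and attach matching ACL denies.

    A deny is attached when its src equals the connection's real source socket and
    its dst equals the connection's mapped destination socket (the address the
    outside host actually sends to), which is how the 106023 line in the sample
    relates to connection 529823614.
    """
    conns, denies = {}, []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["type"] == "built":
            conns[ev["id"]] = {"built": ev, "teardown": None, "denies": []}
        elif ev["type"] == "teardown":
            rec = conns.setdefault(ev["id"], {"built": None, "teardown": None, "denies": []})
            rec["teardown"] = ev
        else:
            denies.append(ev)
    for rec in conns.values():
        b = rec["built"]
        if b is None:
            continue
        mapped_dst = (b["dst"][0],) + b["dst_mapped"]
        rec["denies"] = [d for d in denies if d["src"] == b["src"] and d["dst"] == mapped_dst]
    return conns


def flag_failed_data_channels(conns):
    """Return (conn_id, reason, acl, src_port) for connections that were reset with
    zero bytes transferred and have an ACL deny attached: the pairing seen on the
    FTP data channel (server port 20) in the question's log."""
    findings = []
    for cid, rec in conns.items():
        t = rec["teardown"]
        if t and t["bytes"] == 0 and t["reason"] and "Reset" in t["reason"] and rec["denies"]:
            findings.append((cid, t["reason"], rec["denies"][0]["acl"], t["src"][2]))
    return findings


if __name__ == "__main__":
    for finding in flag_failed_data_channels(correlate(SAMPLE_LOG)):
        print("connection %s torn down (%s) after deny by ACL %s, server port %d" % finding)
```

Run against the sample, the report singles out connection 529823614 (server port 20, reset with 0 bytes, denied by "Internet_access_in"), while the control connection 529822889 on port 21 carried 1136 bytes and has no deny attached, which is the same split the poster describes between a working login and a failing directory listing.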