Core issue
Resolution
When the PIX Firewall terminates any TCP connection, it generates a log message (which can be collected using a syslog server) that states the reason for the termination. For example, if a TCP connection has been established between two hosts across the PIX and the log message shows TCP RESET-I, the server on the inside sent a reset through the PIX; the PIX drops the connection and logs RESET-I as the reason.
If the log message contains TCP RESET-O, the server on the outside reset the connection.
Note: TCP resets do not originate from the PIX. They come from the server on either the inside or the outside, and the -I or -O suffix records which side sent the reset.
For detailed information on the various causes of TCP termination, refer to this chart:
| Reason | Description |
|---|---|
| Reset-I | TCP reset was from the inside |
| Reset-O | TCP reset was from the outside |
| TCP FINs | Normal shutdown sequence |
| FIN Timeout | Forced termination after 15 seconds awaiting last ACK |
| SYN Timeout | Forced termination after two minutes awaiting three-way handshake completion |
| Xlate Clear | Command-line removal |
| Deny | Terminated by application inspection |
| SYN Control | Back channel initiation from wrong side |
| Uauth Deny | Denied by URL filter |
| Unknown | Catch-all error |
| Conn-timeout | Connection was torn down because it was idle longer than the configured idle timeout |
The show conn detail command provides information about the status of TCP connections through the PIX. For details on individual log messages, refer to the Error and System Messages guide for the software version the PIX is currently running. Issue the show version command to obtain the current software version on the PIX.
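To make the chart usable on collected syslog, the following added example (not part of this document and not Cisco code) parses PIX TCP teardown lines, normalizes the trailing reason text to the chart's Reason column, and reports which endpoint sent a reset. It assumes the message layout of the PIX "Teardown TCP connection" syslog line (message ID 302014), with the reason text at the end and an optional "(user)" suffix, and that the interfaces are named "inside" and "outside"; the sample log lines are constructed.

```python
"""Classify PIX TCP teardown syslog messages using the reason chart."""
import re
from collections import Counter

# Chart reasons (lowercased) -> (description from the chart, who triggered it).
# The "who triggered it" column is an added triage hint, not part of the chart.
CHART = {
    "reset-i": ("TCP reset was from the inside", "inside host"),
    "reset-o": ("TCP reset was from the outside", "outside host"),
    "tcp fins": ("Normal shutdown sequence", "either endpoint"),
    "fin timeout": ("Forced termination after 15 seconds awaiting last ACK", "PIX timer"),
    "syn timeout": ("Forced termination after two minutes awaiting handshake", "PIX timer"),
    "xlate clear": ("Command-line removal", "administrator"),
    "deny": ("Terminated by application inspection", "PIX inspection"),
    "syn control": ("Back channel initiation from wrong side", "PIX state check"),
    "uauth deny": ("Denied by URL filter", "URL filter"),
    "unknown": ("Catch-all error", "PIX"),
    "conn-timeout": ("Idle longer than the configured idle timeout", "PIX timer"),
}

# Assumed layout of the 302014 teardown message; reason and (user) are optional.
TEARDOWN_RE = re.compile(
    r"Teardown TCP connection (?P<conn>\d+) for "
    r"(?P<src_if>\w+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) to "
    r"(?P<dst_if>\w+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) "
    r"duration (?P<duration>[\d:]+) bytes (?P<bytes>\d+)"
    r"(?: (?P<reason>.+?))?(?: \((?P<user>[^)]*)\))?\s*$"
)

# Constructed sample lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    "%PIX-6-302014: Teardown TCP connection 4011 for outside:203.0.113.10/52044 "
    "to inside:10.1.1.5/443 duration 0:00:12 bytes 8421 TCP Reset-I",
    "%PIX-6-302014: Teardown TCP connection 4012 for inside:10.1.1.7/40211 "
    "to outside:198.51.100.20/80 duration 0:00:03 bytes 1190 TCP Reset-O",
    "%PIX-6-302014: Teardown TCP connection 4013 for inside:10.1.1.7/40212 "
    "to outside:198.51.100.20/80 duration 0:05:40 bytes 20311 TCP FINs",
    "%PIX-6-302014: Teardown TCP connection 4014 for outside:203.0.113.10/52045 "
    "to inside:10.1.1.5/443 duration 0:00:00 bytes 0 SYN Timeout",
    "%PIX-6-302014: Teardown TCP connection 4015 for inside:10.1.1.9/40300 "
    "to outside:198.51.100.30/21 duration 0:00:09 bytes 512 Deny Terminate (jsmith)",
    "%PIX-6-302013: Built inbound TCP connection 4016 for outside:203.0.113.11/52100 "
    "(203.0.113.11/52100) to inside:10.1.1.5/443 (192.0.2.5/443)",
]


def classify(reason):
    """Map raw reason text to (chart key, description, trigger).

    Tolerates the 'TCP ' prefix the log uses for resets ('TCP Reset-I' vs the
    chart's 'Reset-I') and the longer 'Deny ...' wording. Anything else falls
    into the chart's catch-all 'Unknown'.
    """
    key = (reason or "").strip().lower()
    if key.startswith("tcp ") and key[4:] in CHART:
        key = key[4:]
    if key.startswith("deny"):
        key = "deny"
    if key not in CHART:
        key = "unknown"
    desc, trigger = CHART[key]
    return key, desc, trigger


def parse_teardown(line):
    """Return the teardown fields as a dict, or None if the line is not a teardown."""
    m = TEARDOWN_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["conn"] = int(rec["conn"])
    rec["bytes"] = int(rec["bytes"])
    rec["key"], rec["description"], rec["trigger"] = classify(rec["reason"])
    return rec


def reset_senders(lines):
    """Count resets per sending host: Reset-I -> the host on the inside
    interface, Reset-O -> the host on the outside interface."""
    senders = Counter()
    for rec in filter(None, map(parse_teardown, lines)):
        if rec["key"] == "reset-i":
            ip = rec["src_ip"] if rec["src_if"] == "inside" else rec["dst_ip"]
        elif rec["key"] == "reset-o":
            ip = rec["src_ip"] if rec["src_if"] == "outside" else rec["dst_ip"]
        else:
            continue
        senders[(rec["key"], ip)] += 1
    return senders


def reason_counts(lines):
    """Histogram of chart reasons across a batch of syslog lines."""
    return Counter(rec["key"] for rec in map(parse_teardown, lines) if rec)


if __name__ == "__main__":
    for key, n in reason_counts(SAMPLE_LOG).items():
        print(f"{n:3d}  {key:12s} {CHART[key][0]}")
    for (key, ip), n in reset_senders(SAMPLE_LOG).items():
        print(f"{key}: {ip} sent {n} reset(s)")
```

A burst of Reset-I from one inside server usually points at an application or listener problem on that host rather than at the firewall, while a run of SYN Timeout entries from one outside address is worth correlating with other logs before assuming the handshake failure is benign; the histogram and per-host reset counts are the two views a responder would pull first.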
Problem Type
How to (General Information)
Troubleshoot software feature
Product Family
Firewall - PIX 500 series
PIX Software Version
PIX version 5.x
PIX version 6.x
PIX version 7.x
Protocol / Ports
TCP
Selected PIX or Router Commands
show connections