11-07-2006 05:15 AM
I've remote branch connected to sentral branch via IPSEC.
10.20.5.9-mail server in central branch
10.20.58.15-user's PC in remote branch
Users in remote branch are trying to connect MS Exchange server via https and sometimes they can not do it. From log i can see next messages-
302014: Teardown TCP connection 11679 for outside:10.20.5.9/443 to inside:10.20.58.15/2173 duration 0:00:21 bytes 10227 TCP Reset-I
302014: Teardown TCP connection 11680 for outside:10.20.5.9/443 to inside:10.20.58.15/2174 duration 0:00:19 bytes 24783 TCP Reset-I
302014: Teardown TCP connection 11683 for outside:10.20.5.9/443 to inside:10.20.58.15/2177 duration 0:00:15 bytes 8841 TCP Reset-I
302014: Teardown TCP connection 11684 for outside:10.20.5.9/443 to inside:10.20.58.15/2178 duration 0:00:15 bytes 16162 TCP Reset-I
106015: Deny TCP (no connection) from 10.20.5.9/443 to 10.20.58.15/2174 flags PSH ACK on interface outside
106015: Deny TCP (no connection) from 10.20.5.9/443 to 10.20.58.15/2174 flags FIN ACK on interface outside
106015: Deny TCP (no connection) from 10.20.5.9/443 to 10.20.58.15/2178 flags PSH ACK on interface outside
106015: Deny TCP (no connection) from 10.20.5.9/443 to 10.20.58.15/2178 flags FIN ACK on interface outside
106015: Deny TCP (no connection) from 10.20.5.9/443 to 10.20.58.15/2178 flags FIN PSH ACK on interface outside
What does it mean and how to fix it?
11-13-2006 07:12 AM
This Teardowns message will occur, when a lower security interface attempts to send traffic to a higher security interface.
Try this link:
11-19-2006 12:33 PM
Hi,
here are some questions:
1. Where is the server - on the outside DMZ?
2. What is the timeout for TCP connections in this Firewall?
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide