Hi,

We had that topology:

Server1,Server2---7200---Server3,Server4

We changed it to that topology:

Server1,Server2---(dmz)---FWSM---(outside)---Server3,Server4

The goal is to use FTP to transfer files (2 MB in size) between Server2 and Server1. The problem occurs soon after Server2 starts sending data. As soon as a few 100 KB have been transferred we get the error message: "connection reset by peer".

This issue occurs between:
Server3 and Server1
Server3 and Server2

However there is no FTP issue between:
Server3 and Server1
Server4 and Server1

On the FWSM I tried the following but it did not solve the issue:
- ACL permitting everything I/O
- no inspect ftp
- norandomseq on each relevant translation rule
- reload Server1
- restart relevant process on Server2

So we moved back to the former topology:

Server1,Server2---7200---Server3,Server4

...and without doing any reload/restart on any servers, the FTP issue did not exist any longer.

Since replacing the FWSM by the router 7200 solves the issue and replacing the 7200 by the FWSM creates the issue, it is clear that the FWSM is the problem. But since the ACL allows everything, no inspect is done on FTP and also we disabled randomized sequence numbers (in case one server already has a firewall), what else could be done on the FWSM?

Any suggestions/comments would be welcome.

Thanks!
Christophe
