I'm experiencing some strange connection issues when surfing the web through a couple of our PIX firewalls, but not through our Checkpoints.
Seems while surfing some websites the PIX decides to close the connection before the last acknowledgement packet from the PC. Thus the PC resends the packet over and over. But the PIX has closed the connection. I can ping the site just fine, but the port 80 traffic gets cut off. Funniest part, it only happens on some websites... Anyone experience the same issues? It seems I'm missing some important config?

PIX Version 6.2(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password
passwd
hostname kangchenjunga
domain-name abnamrousa.com
clock timezone CST -6
clock summer-time CDT recurring
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
no names
access-list 1 permit icmp any any echo-reply
access-list 1 permit icmp any any time-exceeded
access-list 1 permit icmp any any unreachable
pager lines 24
logging on
logging trap notifications
logging host inside 10.10.250.249
interface ethernet0 100full
interface ethernet1 100full
icmp deny any echo-reply outside
mtu outside 1500
mtu inside 1500
ip address outside y.y.y.y 255.255.255.240
ip address inside 10.10.200.1 255.255.0.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm drop
pdm location 10.10.65.71 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 10.10.0.0 255.255.0.0 0 0
access-group 1 in interface outside
route outside 0.0.0.0 0.0.0.0 y.y.y.z 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt noproxyarp inside
no sysopt route dnat
telnet timeout 1
ssh 10.10.65.71 255.255.255.255 inside
ssh timeout 5
: end

Cheers,
MKJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Michael Jablonski
ABN AMRO Asset Management Holdings, Inc.
161 North Clark St. 9th Flr
Chicago, IL 60601-2468
PH: 312.884.2996
FAX: 312.278.5550
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53583&t=53583

