Re: [fw-wiz] Question re: PIX message 302001
From: Anton A. Chuvakin (anton@chuvakin.org)
Date: 07/17/02
- In reply to: Trevor Nightingale: "[fw-wiz] Question re: PIX message 302001"
From: "Anton A. Chuvakin" <anton@chuvakin.org>
To: Trevor Nightingale <Trevor.Nightingale@sas.com>
Date: Wed Jul 17 03:41:12 2002
Trevor and all,
>%PIX-6-302001: Built inbound|outbound TCP connection id for faddr
>faddr/fport gaddr gaddr/gport laddr laddr/lport (username)
>If this is an 'outgoing' TCP connection then I assume that the laddr
>value is the source address and the faddr value is the destination
>address.
Yes (see e.g.
http://www.netsys.com/firewalls/firewalls-2001-05/msg00282.html)
>If this is an 'incoming' TCP connection then I assume that the faddr
>value is the source address and the laddr value is the destination
>address.
Yes, see
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v44/pix44em/pixemsgs.htm#1077
"Explanation This is a connection-related message. This message reports
that an authenticated TCP connection was started to foreign address faddr
using the global address gaddr [internet-visible IP in case of NAT] from
local address laddr [internal NAT address]. If the connection required
authentication, the username is reported in the last field of the
message."
Best,
--
Anton A. Chuvakin, Ph.D.
http://www.chuvakin.org
http://www.info-secure.org
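
The direction-dependent reading confirmed in this reply, as an added example that is not part of the original message: a parser for the 302001 template quoted above that derives source and destination from the inbound/outbound keyword. The function name `parse_302001`, the syslog prefix, and all sample lines and addresses are constructed for illustration.

```python
import re

# Field layout follows the template quoted in the thread:
#   %PIX-6-302001: Built inbound|outbound TCP connection id for faddr
#   faddr/fport gaddr gaddr/gport laddr laddr/lport (username)
PIX_302001 = re.compile(
    r"%PIX-6-302001: Built (?P<direction>inbound|outbound) TCP connection "
    r"(?P<conn_id>\d+) for faddr (?P<faddr>[\d.]+)/(?P<fport>\d+) "
    r"gaddr (?P<gaddr>[\d.]+)/(?P<gport>\d+) "
    r"laddr (?P<laddr>[\d.]+)/(?P<lport>\d+)"
    r"(?: \((?P<username>[^)]*)\))?"  # username only if authentication was required
)

def parse_302001(line):
    """Return a dict with src/dst resolved by direction, or None if not a 302001 line."""
    m = PIX_302001.search(line)  # search() tolerates a leading syslog timestamp/host
    if m is None:
        return None
    f = m.groupdict()
    foreign = (f["faddr"], int(f["fport"]))
    local = (f["laddr"], int(f["lport"]))
    # Outbound: the local (inside) host opened the connection to the foreign host.
    # Inbound: the foreign host opened the connection to the local host.
    if f["direction"] == "outbound":
        src, dst = local, foreign
    else:
        src, dst = foreign, local
    return {
        "direction": f["direction"],
        "conn_id": int(f["conn_id"]),
        "src": src,
        "dst": dst,
        # gaddr is the Internet-visible address used for the local host under NAT
        "global": (f["gaddr"], int(f["gport"])),
        "username": f["username"],
    }

# Constructed sample lines (documentation/private address ranges, not real traffic)
SAMPLES = [
    "Jul 17 03:41:12 pix1 %PIX-6-302001: Built outbound TCP connection 1234 for "
    "faddr 198.51.100.7/80 gaddr 192.0.2.10/1025 laddr 10.1.1.5/1025",
    "Jul 17 03:41:13 pix1 %PIX-6-302001: Built inbound TCP connection 1235 for "
    "faddr 203.0.113.9/40000 gaddr 192.0.2.20/25 laddr 10.1.1.25/25 (jsmith)",
    "Jul 17 03:41:14 pix1 some unrelated syslog line",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(parse_302001(line))
```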