Re: [fw-wiz] PIX dropping packets with source port 80

From: Martin Mačok (martin.macok_at_underground.cz)
Date: 05/26/04

Next message: cs 2004: "[fw-wiz] Pix to Checkpoint VPN Connectivity"

Previous message: Richard: "[fw-wiz] Problem with Cisco VPN client behind a NATed Netscreen"
In reply to: LazloCarreidas_at_netscape.net: "[fw-wiz] PIX dropping packets with source port 80"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: firewall-wizards@honor.icsalabs.com
Date: Wed, 26 May 2004 10:57:26 +0200

On Tue, May 25, 2004 at 12:44:14PM -0400, LazloCarreidas@netscape.net wrote:

> We have a cluster of PIX 525. Since the upgrade of the PIX OS to
> 6.3(3), we get lots of 106023 messages, such as

> %PIX-4-106023: Deny tcp src DMZ:aaa.bbb.ccc.ddd (asite.adomain.atld)
> /80 dst inside:OurProxy/37568 by access-group "acl_DMZ"

Could you trace the TCP flags of such packets?
In which phase during the TCP connection do they appear? (after?)

> For the persons who uses the proxy, there is no issue...

Martin Mačok
IT Security Consultant
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: cs 2004: "[fw-wiz] Pix to Checkpoint VPN Connectivity"

Previous message: Richard: "[fw-wiz] Problem with Cisco VPN client behind a NATed Netscreen"
In reply to: LazloCarreidas_at_netscape.net: "[fw-wiz] PIX dropping packets with source port 80"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

www.derkeiler.com > Mailing-Lists > Firewall-Wizards > 2004-05