Pix SYN Timeout

svo4dot6 Member Posts: 35
Hey Guys,

I have been noticing some odd syslog entries on one of my PIX firewalls and am having a hard time tracking down the exact problem. I have a 1-to-1 NAT setup for a website, so the NAT/firewall config is pretty basic:
access-list acl_outside extended permit tcp any host 216.x.x.100 eq https
static (dmz,outside) tcp 216.x.x.100 https 10.0.0.100 https netmask 255.255.255.255

Problem is that I have a couple of different IP addresses that I am seeing the following log entries for:
Aug 13 07:04:14 10.0.60.1 %PIX-6-609001: Built local-host outside:201.x.x.234
Aug 13 07:04:14 10.0.60.1 %PIX-6-609001: Built local-host dmz:10.0.0.100
Aug 13 07:04:14 10.0.60.1 %PIX-6-302013: Built inbound TCP connection 958445988 for outside:201.x.x.234/59879 (201.x.x.234/59879) to dmz:10.0.0.100/443 (216.x.x.100/443)
Aug 13 07:04:44 10.0.60.1 %PIX-6-302014: Teardown TCP connection 958445988 for outside:201.x.x.234/59879 to dmz:10.0.0.100/443 duration 0:00:30 bytes 0 SYN Timeout

The device is a PIX 525 running 7.04, but I'm fairly confident that it is not an issue with the PIX, as I only see issues with a couple of addresses, but I see SYN Timeouts maybe 4 out of 5 times they attempt a connection.

BTW, I'm pretty new to PIX firewalls; I focus on the R/S side but do have a couple of PIXes on the edge of my network. Any thoughts?
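
One way to quantify the pattern described in the post, as an added example that is not part of the original post: it pairs the 302013/302014 messages by connection ID and lists the sources whose inbound connections mostly end in SYN Timeout. The function names, thresholds and sample lines (documentation addresses) are constructed for illustration.

```python
import re
from collections import Counter

# Only 302013 states the direction ("Built inbound"), so it is joined to 302014 by ID.
BUILT = re.compile(r"%PIX-6-302013: Built inbound TCP connection (?P<id>\d+) "
                   r"for [^:\s]+:(?P<src>[^/\s]+)/\d+ ")
TEARDOWN = re.compile(r"%PIX-6-302014: Teardown TCP connection (?P<id>\d+) for .*? "
                      r"bytes \d+\s*(?P<reason>.*)$")

def syn_timeout_report(lines, min_conns=3, min_ratio=0.5):
    """Return {source: (syn_timeouts, closed_connections)} for sources whose
    inbound connections mostly ended with the reason 'SYN Timeout'."""
    built, total, timed_out = {}, Counter(), Counter()
    for line in lines:
        m = BUILT.search(line)
        if m:
            built[m["id"]] = m["src"]
            continue
        m = TEARDOWN.search(line)
        if m and m["id"] in built:
            src = built.pop(m["id"])
            total[src] += 1
            # SYN Timeout: the three-way handshake never completed before
            # the firewall aged out the half-open (embryonic) connection.
            if m["reason"].strip() == "SYN Timeout":
                timed_out[src] += 1
    return {s: (timed_out[s], n) for s, n in total.items()
            if n >= min_conns and timed_out[s] / n >= min_ratio}

def sample_lines():
    """Constructed log lines in the format shown in the post."""
    conns = ([("203.0.113.7", "SYN Timeout", 0)] * 4
             + [("203.0.113.7", "TCP FINs", 5120)]
             + [("198.51.100.20", "TCP FINs", 5120)] * 5)
    out = []
    for cid, (src, reason, nbytes) in enumerate(conns, start=1001):
        out.append(f"Aug 13 07:04:14 10.0.60.1 %PIX-6-302013: Built inbound TCP "
                   f"connection {cid} for outside:{src}/59879 ({src}/59879) "
                   f"to dmz:10.0.0.100/443 (192.0.2.100/443)")
        out.append(f"Aug 13 07:04:44 10.0.60.1 %PIX-6-302014: Teardown TCP "
                   f"connection {cid} for outside:{src}/59879 "
                   f"to dmz:10.0.0.100/443 duration 0:00:30 bytes {nbytes} {reason}")
    return out

if __name__ == "__main__":
    for src, (bad, n) in syn_timeout_report(sample_lines()).items():
        print(f"{src}: {bad}/{n} inbound connections ended in SYN Timeout")
```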