Archived from groups: comp.security.firewalls
Hi,
I've been battling along for the last 2 days with my config and the end result is I
can only ping / tracert to machines on the internet.
All hosts on the network run on public IP addresses, therefore no NATting.
I allow telnet but cannot telnet - or it seems somewhere data is getting
lost and the telnet session never establishes. This is what the log shows:
Built outbound TCP connection 17 for faddr 196.4.16.227/23 gaddr
66.8.177.x/3901 laddr 66.8.177.x/3901
After a while it shows:
Teardown TCP connection 17 faddr 196.4.16.227/23 gaddr 66.8.177.x/3901
laddr 66.8.177.x/3901duration 02:11 bytes 0 (SYN Timeout)
I have tried adding a route statement on the router for 66.8.177.x to the
internal interface of the PIX and it made no difference. I do know the access list
is working because when I remove telnet access for the host 66.8.177.x then
the log shows a dropped connection due to the access list.
Where can I start looking to debug this, any ideas / recommendations?
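
The two messages quoted in the post can be correlated by connection number to list every connection the firewall built but tore down with "SYN Timeout" and zero bytes, that is, where the TCP handshake never completed. The Python sketch below is an added example, not part of the original post; the sample log is constructed from the post's two messages plus an invented connection 18, and the function names are hypothetical.

```python
import re

# Constructed sample: connection 17 is taken from the post (addresses masked
# as posted, wrapped lines joined); connection 18 is invented for contrast.
SAMPLE_LOG = """\
Built outbound TCP connection 17 for faddr 196.4.16.227/23 gaddr 66.8.177.x/3901 laddr 66.8.177.x/3901
Built outbound TCP connection 18 for faddr 196.4.16.227/80 gaddr 66.8.177.x/3902 laddr 66.8.177.x/3902
Teardown TCP connection 18 faddr 196.4.16.227/80 gaddr 66.8.177.x/3902 laddr 66.8.177.x/3902 duration 00:05 bytes 1420 (TCP FINs)
Teardown TCP connection 17 faddr 196.4.16.227/23 gaddr 66.8.177.x/3901 laddr 66.8.177.x/3901duration 02:11 bytes 0 (SYN Timeout)
"""

BUILT = re.compile(r"Built (?P<dir>inbound|outbound) TCP connection (?P<id>\d+) for "
                   r"faddr (?P<faddr>\S+?)/(?P<fport>\d+)")
# \s* before "duration" tolerates the missing space seen in the posted log line.
TEARDOWN = re.compile(r"Teardown TCP connection (?P<id>\d+) .*?laddr \S+?/\d+\s*"
                      r"duration (?P<dur>[\d:]+) bytes (?P<bytes>\d+) \((?P<reason>[^)]+)\)")


def seconds(duration):
    """Convert an mm:ss or h:mm:ss duration field to seconds."""
    total = 0
    for part in duration.split(":"):
        total = total * 60 + int(part)
    return total


def failed_handshakes(log_text):
    """Return connections torn down with SYN Timeout and no data transferred."""
    built, failed = {}, []
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if m:
            built[m["id"]] = m.groupdict()
            continue
        m = TEARDOWN.search(line)
        if not m:
            continue
        b = built.pop(m["id"], {})  # connection numbers can be reused later
        if m["reason"] == "SYN Timeout" and int(m["bytes"]) == 0:
            failed.append({"id": int(m["id"]),
                           "direction": b.get("dir", "unknown"),
                           "dest": f'{b.get("faddr", "?")}/{b.get("fport", "?")}',
                           "seconds": seconds(m["dur"])})
    return failed


if __name__ == "__main__":
    for conn in failed_handshakes(SAMPLE_LOG):
        print(conn)
```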