We have that problem in the both direction and several times a day!
Moreover, the problem don't occur for everybody at the same time.
Indeed, on a same subnet, one person can succeed in establishing new TCP
connection while another can't.
Actually, symptoms didn't exist when we had just one 7301 (and then one PIX).
I don't know if it's important to analyse problem but I precise that we send
packets through the both 7301 but our BGP neighbor send return packets through
only one 7301.
I didn't remember the reason but it's like that!
Our IOS is : IOS (tm) 7301 Software (C7301-JK9S-M), Version 12.3(6), RELEASE
SOFTWARE (fc3)
And to be exhaustive, I add that 2 Cisco 2950 are located between the 7301 and
the PIX 525.
Gilles
-----Message d'origine-----
De : Andrew Shore [mailto:andrew.shore@holistecs.com]
Envoyé : vendredi 21 janvier 2005 10 37 Delobel
À : Delobel Gilles (M.); firewalls@securityfocus.com
Objet : RE: PIX 525 : pb with new TCP connections
Which direction are you having problem making the connection?
Inside->out
Or
Outside->in
There was a bug in the PIX OS with connections from the outside->in if
the static statement as configured for PAT but I understood it to be
fixed in 6.3.4
Andy
-----Original Message-----
From: gilles delobel [mailto:gilles.delobel@polytechnique.fr]
Sent: 20 January 2005 15:32
To: firewalls@securityfocus.com
Subject: PIX 525 : pb with new TCP connections
Hi,
We currently use 2 PIX 525 configuring for failover.
Outside interfaces are attached to 2 7300 Cisco Routers.
OSPF protocol is activated between the 4 appliances.
Version 6.3.4 is in use on the 2 PIX.
Our problem is that randomly, we can't succeed in establish new TCP
connections (it can last from few seconds to few minutes).
At the same time, Ping or Traceroute work correctly.
We had reboot the both PIX without success.
Any ideas ??
