106023: Deny tcp src outside from WWW Servers

106023: Deny tcp src outside from WWW Servers
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Networking Firewalls    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
106023: Deny tcp src outside from WWW Servers Rene Obrecht 09-07-2005
Posted by Rene Obrecht on September 7, 2005, 5:04 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Dear all, we have a Cisco PIX 525, SW Release 6.3.4.

We have an ISA Proxy Server in our DMZ, the WWW Clients connect to this
ISA Proxy Server. This goes directly to the Internet.

There are many many entries like this in the Firewall log. Everything
works fine, but what about the warnings?

%PIX-4-106023: Deny tcp src outside:ISAPROXY/8080 dst
inside:172.25.111.158/2377 by access-group "dmz_to_intranet"

I guess the warnings are because there are answers from WWW Servers,
and no client waiting for them. Any Ideas?

Thanks, René



Posted by Rene Obrecht on September 7, 2005, 5:29 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Just found something in debug mode, this entry is when i click "abort"
or "reload" in my browser (TCP Reset-I). So everything is fine or can
this error message be "hidden", because with 500 WWW Users we got a lot
of them in the logfile.

%PIX-6-302014: Teardown TCP connection 35416669 for
outside:ISAPROXY/8080 to inside:172.22.113.5/2027 duration 0:00:01
bytes 10898 TCP Reset-I

%PIX-4-106023: Deny tcp src outside:ISAPROXY/8080 dst
inside:172.22.113.5/2027 by access-group "dmz_to_intranet"

Thanks



Similar ThreadsPosted
PIX firewall floods with PIX-4-106023: Deny tcp src inside message. May 10, 2006, 2:35 am
Deny IP spoof on Cisco ASA July 9, 2007, 4:57 am
checkpoint firewall default deny? February 15, 2005, 9:00 pm
Zone Alarm - allow deny - remember this setting....? June 13, 2005, 4:52 am
Deny TCP (no connection) flags RST on inside intf ? PIX 6.3.5 April 14, 2006, 12:53 pm
Enterasys Secure Router XSR3150 "Deny Massage" December 7, 2006, 8:46 pm
PIX firewalling web servers July 23, 2004, 4:06 pm
Re: PIX firewalling web servers July 26, 2004, 10:35 am
5XP Virtual Servers AND SSH August 3, 2005, 6:29 pm
netcreen 25 dmz web servers October 30, 2005, 10:50 am

The site map in XML format XML site map

Contact Us | Privacy Policy