Hello,
One of the ISPs I connect to for POP3 mail sends an ACK request from a different IP address than the POP3 server's each time I log on to check email. This causes timeout problems. The PIX log entries read, "Deny TCP (no connection) from xxx.xx.xxx.xxx/80 to xxx.xxx.xxx.xxx/1982 flags ACK on interface outside".
The "service resetoutside" command eliminates the problem, but it also makes my system non-stealthy when port scanned. Is there a way I can establish a rule that will cause the PIX to respond to ACK requests from only certain IPs?
Thanks very much,
RCBEAR