I've got a PIX configured allowing RADIUS-authenticated access from the inside interface to a host on a DMZ, and all works fine.
The host is non-NAT'd so access prompts for SecurID then passes data.
Other subnets on the inside interface cannot access the host. It isn't routing as the request hits the firewall, but then it sends a telnet packet with win=0??
Captures of working and non-working syslog below. Any help greatly appreciated.
Thanks
J
Not working trace.
172.16.9.74 ==> fdcms01
ver = 0x4 hlen = 0x5 tos = 0x10 tlen = 0x2c
id = 0xd11 flags = 0x0 frag off=0x0
ttl = 0x39 proto=0x6 chksum = 0x121f
-- TCP --
source port = 0x89e7 dest port = 0x17syn
seq = 0x3ee44c6b
ack = 0x0
hlen = 0x6 window = 0x4000
checksum = 0xe3ff urg = 0x0
tcp options: 0x2 0x4 0x2 0x0 -- DATA --
00000024: 00 00 97 |
...
--------- END OF PACKET ---------
--------- PACKET ---------
-- IP --
172.16.9.74 ==> fdcms01
ver = 0x4 hlen = 0x5 tos = 0x0 tlen = 0x28
id = 0xd12 flags = 0x0 frag off=0x0
ttl = 0x39 proto=0x6 chksum = 0x1232
-- TCP --
source port = 0x89e7 dest port = 0x17
seq = 0x3ee44c6c
ack = 0x0
hlen = 0x5 window = 0x0
checksum = 0x3805 urg = 0x0
-- DATA --
0000001c: 00 00 00 00 |
....
0000002c: 00 00 5c | .
Working Trace
-- IP --
172.25.58.81 ==> FDCMS01
ver = 0x4 hlen = 0x5 tos = 0x10 tlen = 0x2c
id = 0x7e25 flags = 0x0 frag off=0x0
ttl = 0x3b proto=0x6 chksum = 0x6dfa
-- TCP --
source port = 0xef98 dest port = 0x17syn
seq = 0x6ccd31b0
ack = 0x0
hlen = 0x6 window = 0x4000
checksum = 0x3a10 urg = 0x0
tcp options: 0x2 0x4 0x2 0x0 -- DATA --
0000002c: 00 00 1d | ..
.
--------- END OF PACKET ---------