Firewall Wizards mailing list archives

Re: Question re: PIX message 302001


From: "Anton A. Chuvakin" <anton () chuvakin org>
Date: Wed, 17 Jul 2002 00:47:52 -0400 (EDT)

Trevor and all,

%PIX-6-302001: Built inbound|outbound TCP connection id for faddr
faddr/fport gaddr gaddr/gport laddr laddr/lport (username)

> If this is an 'outgoing' TCP connection then I assume that the laddr
> value is the source address and the faddr value is the destination
> address.

Yes (see e.g.
http://www.netsys.com/firewalls/firewalls-2001-05/msg00282.html)

> If this is an 'incoming' TCP connection then I assume that the faddr
> value is the source address and the laddr value is the destination
> address.

Yes, see
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v44/pix44em/pixemsgs.htm#1077

"Explanation This is a connection-related message. This message reports
that an authenticated TCP connection was started to foreign address faddr
using the global address gaddr [internet-visible IP in case of NAT] from
local address laddr [internal NAT address]. If the connection required
authentication, the username is reported in the last field of the
message."

Best,
-- 
     Anton A. Chuvakin, Ph.D.
     http://www.chuvakin.org
   http://www.info-secure.org



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
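
An added example, not part of the original post or of Cisco's documentation: a parser that applies the direction rule confirmed in the reply above to turn 302001 lines into source/destination pairs. The sample lines, the syslog prefix, the numeric connection id and the "translated" flag are assumptions made for illustration.

```python
import re

# Field layout follows the message template quoted in the post.
# Assumption: the connection id is numeric and addresses are dotted IPv4.
PIX_302001 = re.compile(
    r"%PIX-6-302001: Built (?P<direction>inbound|outbound) TCP connection "
    r"(?P<conn_id>\d+) for faddr (?P<faddr>[\d.]+)/(?P<fport>\d+) "
    r"gaddr (?P<gaddr>[\d.]+)/(?P<gport>\d+) "
    r"laddr (?P<laddr>[\d.]+)/(?P<lport>\d+)"
    r"(?: \((?P<username>[^)]*)\))?"  # username is present only if authenticated
)

def parse_302001(line):
    """Return a normalized record for a 302001 line, or None if it is not one."""
    m = PIX_302001.search(line)
    if m is None:
        return None
    foreign = (m["faddr"], int(m["fport"]))
    global_ = (m["gaddr"], int(m["gport"]))
    local = (m["laddr"], int(m["lport"]))
    # Outbound: laddr is the source and faddr the destination.
    # Inbound: faddr is the source and laddr the destination.
    src, dst = (local, foreign) if m["direction"] == "outbound" else (foreign, local)
    return {
        "direction": m["direction"],
        "conn_id": int(m["conn_id"]),
        "src": src,
        "dst": dst,
        "global": global_,
        # Assumption: gaddr differing from laddr means the local side is translated.
        "translated": global_ != local,
        "username": m["username"],
    }

# Constructed sample lines (documentation address ranges, invented host and ids).
SAMPLES = [
    "Jul 17 00:47:52 fw1 %PIX-6-302001: Built outbound TCP connection 1201 "
    "for faddr 198.51.100.7/80 gaddr 203.0.113.5/1025 laddr 10.0.0.5/1025",
    "Jul 17 00:48:03 fw1 %PIX-6-302001: Built inbound TCP connection 1202 "
    "for faddr 198.51.100.9/40112 gaddr 203.0.113.10/25 laddr 10.0.0.25/25 (alice)",
    "Jul 17 00:48:10 fw1 some unrelated syslog line",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_302001(sample))
```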

