Security Incidents mailing list archives

Re: Recon from Pakistan


From: JNelson () CMCCONTROLS COM (CL: Nelson, Jeff)
Date: Thu, 2 Mar 2000 08:48:43 -0500


Just a follow-up to my earlier post. I've spoken with the Cisco TAC.

Feb 28 16:11:48 [5.5.5.243] %PIX-7-106011: Deny self route tcp src outside:63.70.25.75/2666 dst outside:1.1.1.43/111
This line is an attempt from the outside to connect to an external address
that does not exist on the PIX because no connection has been built for an
internally initiated session that uses that address. Meaning, 1.1.1.43 isn't
being used (NAT) at the moment.

Feb 28 16:38:00 [5.5.5.243] %PIX-2-106001: Inbound TCP connection denied from 63.70.25.75/2666 to 5.5.5.219/111 flags SYN
This line is seen when an outside source initiates a connection to an IP
address (NAT) that is being used for a session that is currently in progress.

The PIX uses the internal address for the established connection in the
syslog.

If this is confusing to anybody, just email me direct. I don't want to get
into deciphering PIX syslog on the list. However, since I posted the
original question, I thought I would also post the answer as well for
closure.

Cheers,

Jeff

<<<<<<<<<<<<<<<<<<<<<<<<<<
Jeffrey L. Nelson        | Cleveland Motion Controls
Network Manager          | 7550 Hub Parkway
                         | Cleveland, Ohio 44125
jnelson () cmccontrols com  | 216-642-5147
<<<<<<<<<<<<<<<<<<<<<<<<<<
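
Added example (not part of the original post): a small Python parser that normalises the two PIX messages explained above and groups them by source and destination port, so one outside host probing port 111 shows up as a single entry even though the two log formats differ. The function names and the "meaning" strings are this example's own; the sample lines are the two from the post, unwrapped.

```python
import re
from collections import defaultdict

# Constructed sample: the two log lines quoted in the post, unwrapped.
SAMPLE = [
    "Feb 28 16:11:48 [5.5.5.243] %PIX-7-106011: Deny self route tcp src "
    "outside:63.70.25.75/2666 dst outside:1.1.1.43/111",
    "Feb 28 16:38:00 [5.5.5.243] %PIX-2-106001: Inbound TCP connection denied "
    "from 63.70.25.75/2666 to 5.5.5.219/111 flags SYN",
]

HEADER = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) \[(?P<fw>[\d.]+)\] "
                    r"%PIX-(?P<sev>\d)-(?P<id>\d{6}): (?P<body>.*)$")
EP = r"([\d.]+)/(\d+)"  # address/port pair
# Message ID -> (body pattern, meaning as explained in the post)
BODY = {
    "106011": (re.compile(rf"Deny self route (\w+) src \w+:{EP} dst \w+:{EP}"),
               "destination address has no translation in use"),
    "106001": (re.compile(rf"Inbound (\w+) connection denied from {EP} to {EP} flags"),
               "destination is in use by a session; PIX logs the internal address"),
}

def parse_line(line):
    """Return a normalised dict for a 106011/106001 line, or None."""
    head = HEADER.match(line.strip())
    if not head or head["id"] not in BODY:
        return None
    pattern, meaning = BODY[head["id"]]
    m = pattern.search(head["body"])
    if not m:
        return None
    proto, src, sport, dst, dport = m.groups()
    return {"ts": head["ts"], "firewall": head["fw"], "msg_id": head["id"],
            "proto": proto.lower(), "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport), "meaning": meaning}

def probes_by_source(lines):
    """Group denied attempts by (source address, destination port)."""
    grouped = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        grouped[(rec["src"], rec["dport"])].append((rec["msg_id"], rec["dst"]))
    return dict(grouped)

if __name__ == "__main__":
    for (src, dport), hits in probes_by_source(SAMPLE).items():
        print(f"{src} -> port {dport}: {hits}")
```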

