Hi
I have a problem with a Cisco PIX 515E, OS version 6.2(2), and I hope someone can help me with this.
Basically I have one database server behind this firewall, and clients connect to it through this firewall. At the moment the firewall has an access-group command that allows all clients to connect through. The problem I am experiencing happens to only two clients running Red Hat Linux. What happens is that, randomly, I get TCP timeouts from these servers, say roughly one in every one thousand TCP requests. By sniffing the network on the PIX's external-facing network interface I receive packets similar to this:
19:49:15.758315 opal.example.com.44808 > neptune.example.com.1521: S 3506603012:3506603012(0) win 5840 (DF)

But sniffing the internal-facing interface (i.e. the database end), those packets don't come through. It's as though the PIX has silently dropped them.
Now, so far from my tests, I've noticed that a failure has always occurred when the MSS value is set to 1460. Although this might be a red herring, as trawling through the capture logs I can see other SYN packets pass through with that value. Setting the "sysopt tcpmss" value to 1460 doesn't make any difference.
My questions are:
1) What other techniques are there to debug this?
2) Am I on the right track by looking at the MSS value?
3) What else could be the problem?
4) Is this a known bug in the Cisco OS?

I really appreciate any help given.
Thanks in advance,
Dan
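One way to automate the two-interface comparison described in the post above, as an added example that is not Dan's code and not anything from Cisco: a Python script that parses tcpdump text output from the outside and inside captures, reports every SYN that appears outside but never inside, and tallies drops per MSS value so the "is 1460 a red herring?" question can be answered with counts rather than by trawling through logs by hand. The capture lines below are constructed for the example (the host names and ports are borrowed from the post; the `<mss ...>` option field is what tcpdump prints for a SYN, although the line quoted in the post omits it). The matching key deliberately excludes the sequence number, because the PIX randomises the initial sequence number of connections it passes unless norandomseq is configured, so the ISN differs on the two sides; the script also assumes the client address and port are not translated by the PIX.

```python
import re
from collections import defaultdict

# Constructed sample captures (not from the original post). The outside capture
# has four SYNs; the inside capture is missing opal:44809. Note the ISNs differ
# between the two sides, which is why they are not used for matching.
OUTSIDE_CAPTURE = """\
19:49:15.758315 opal.example.com.44808 > neptune.example.com.1521: S 3506603012:3506603012(0) win 5840 <mss 1460,sackOK,timestamp 1234 0,nop,wscale 0> (DF)
19:49:15.901002 opal.example.com.44809 > neptune.example.com.1521: S 3506701111:3506701111(0) win 5840 <mss 1460,sackOK,timestamp 1235 0,nop,wscale 0> (DF)
19:49:16.120447 ruby.example.com.33120 > neptune.example.com.1521: S 2210000001:2210000001(0) win 5840 <mss 1460,sackOK,timestamp 99 0,nop,wscale 0> (DF)
19:49:16.455901 jade.example.com.1034 > neptune.example.com.1521: S 77812004:77812004(0) win 16384 <mss 1380,nop,nop,sackOK> (DF)
"""

INSIDE_CAPTURE = """\
19:49:15.758902 opal.example.com.44808 > neptune.example.com.1521: S 1884220013:1884220013(0) win 5840 <mss 1460,sackOK,timestamp 1234 0,nop,wscale 0> (DF)
19:49:16.121001 ruby.example.com.33120 > neptune.example.com.1521: S 4010002201:4010002201(0) win 5840 <mss 1460,sackOK,timestamp 99 0,nop,wscale 0> (DF)
19:49:16.456330 jade.example.com.1034 > neptune.example.com.1521: S 3300017744:3300017744(0) win 16384 <mss 1380,nop,nop,sackOK> (DF)
"""

# One tcpdump SYN line in the classic "host.port > host.port: S seq:seq(0) win N <opts>" format.
SYN_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>\S+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\S+)\.(?P<dport>\d+):\s+S\s+"
    r"(?P<seq>\d+):\d+\(\d+\)\s+win\s+(?P<win>\d+)"
    r"(?:\s+<(?P<opts>[^>]*)>)?"
)


def _ts_seconds(ts):
    """Convert an HH:MM:SS.ffffff tcpdump timestamp to seconds since midnight."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def parse_syns(capture_text):
    """Parse tcpdump text output into SYN records; lines that are not SYNs are skipped."""
    syns = []
    for line in capture_text.splitlines():
        m = SYN_RE.match(line)
        if not m:
            continue
        opts = m.group("opts") or ""
        mss_m = re.search(r"\bmss (\d+)", opts)
        syns.append({
            "ts": _ts_seconds(m.group("ts")),
            "src": m.group("src"),
            "sport": int(m.group("sport")),
            "dst": m.group("dst"),
            "dport": int(m.group("dport")),
            "seq": int(m.group("seq")),
            "win": int(m.group("win")),
            "mss": int(mss_m.group(1)) if mss_m else None,  # None if tcpdump printed no options
            "line": line,
        })
    return syns


def find_dropped_syns(outside_text, inside_text, window=1.0):
    """Return the outside SYNs that have no counterpart on the inside capture.

    Key: (client host, client port, server port) plus a timestamp within `window`
    seconds, which absorbs small clock skew between the two capture hosts. The
    ISN is not part of the key (PIX rewrites it). A retransmitted SYN that does
    get through only consumes one inside record, so the original still shows as dropped.
    """
    inside_by_key = defaultdict(list)
    for s in parse_syns(inside_text):
        inside_by_key[(s["src"], s["sport"], s["dport"])].append(s)

    dropped = []
    for o in parse_syns(outside_text):
        candidates = inside_by_key.get((o["src"], o["sport"], o["dport"]), [])
        match = next((c for c in candidates if abs(c["ts"] - o["ts"]) <= window), None)
        if match is None:
            dropped.append(o)
        else:
            candidates.remove(match)  # each inside SYN accounts for one outside SYN only
    return dropped


def mss_breakdown(outside_text, inside_text, window=1.0):
    """Per MSS value: how many SYNs were seen outside and how many of those never reached inside."""
    dropped_lines = {d["line"] for d in find_dropped_syns(outside_text, inside_text, window)}
    stats = defaultdict(lambda: {"seen": 0, "dropped": 0})
    for o in parse_syns(outside_text):
        stats[o["mss"]]["seen"] += 1
        if o["line"] in dropped_lines:
            stats[o["mss"]]["dropped"] += 1
    return dict(stats)


if __name__ == "__main__":
    for d in find_dropped_syns(OUTSIDE_CAPTURE, INSIDE_CAPTURE):
        print("dropped on PIX:", d["line"])
    for mss, st in mss_breakdown(OUTSIDE_CAPTURE, INSIDE_CAPTURE).items():
        print(f"mss {mss}: {st['dropped']}/{st['seen']} SYNs dropped")
```

On the constructed data the breakdown shows one of three MSS-1460 SYNs dropped and none of the MSS-1380 ones, which is the same ambiguity the post describes: a 100% drop rate for one MSS value would implicate it, a low rate like this does not. To use it for real, run tcpdump on both sides with the same filter (e.g. `tcp[tcpflags] & tcp-syn != 0 and port 1521`) over a long enough window to catch several failures, save both outputs, and feed the text to the two functions.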