I'm trying to configure my outside device to authenticate to my internal TACACS server. The outside device will need to go through my firewall to reach the TACACS server. PIX is using static and conduit configurations.
After a capture, it looks like the SYN-ACK from the TACACS server back to the outside device is not getting through. Reference below: the Inside capture packet does not show in the Outside capture.
10.67.153.54.49 > 192.168.22.129.23532: S [tcp sum ok] 207178040:207178040(0) ack 1004279043 win 16384 (ttl 121, id 16628)
The static and conduit statements I have in my configuration:
static (inside,outside) 10.67.153.54 10.67.153.54 netmask 255.255.255.255 0 0
conduit permit tcp host 10.67.153.54 eq tacacs host 57.69.22.129
Looking for help in understanding what I am missing from my configuration to allow the 3-way handshake to complete.
Thanks. Jeff
outside device : 192.168.22.129
inside tacacs server : 10.67.153.54
I did a capture on the outside and inside PIX interfaces.
From OUTSIDE interface:
9 packets captured
192.168.22.129.23532 > 10.67.153.54.49: S [tcp sum ok] 1004279042:1004279042(0) win 4096 (ttl 255, id 10770)
10.67.153.54.49 > 192.168.22.129.23532: . [tcp sum ok] 3032334760:3032334760(0) ack 1005633663 win 0 (ttl 121, id 1)
192.168.22.129.23532 > 10.67.153.54.49: R [tcp sum ok] 1005633663:1005633663(0) win 4096 (ttl 255, id 10772)
192.168.22.129.23533 > 10.67.153.54.49: S [tcp sum ok] 1286061587:1286061587(0) win 4096 (ttl 255, id 10840)
10.67.153.54.49 > 192.168.22.129.23533: . [tcp sum ok] 2425551338:2425551338(0) ack 1287592320 win 0 (ttl 121, id 1)
192.168.22.129.23533 > 10.67.153.54.49: R [tcp sum ok] 1287592320:1287592320(0) win 4096 (ttl 255, id 10841)
192.168.22.129.23534 > 10.67.153.54.49: S [tcp sum ok] 352839760:352839760(0) win 4096 (ttl 255, id 10939)
10.67.153.54.49 > 192.168.22.129.23534: . [tcp sum ok] 1346473921:1346473921(0) ack 354529447 win 0 (ttl 121, id 1)
192.168.22.129.23534 > 10.67.153.54.49: R [tcp sum ok] 354529447:354529447(0) win 4096 (ttl 255, id 10941)
9 packets shown
From INSIDE interface:
17 packets captured
192.168.22.129.23532 > 10.67.153.54.49: S [tcp sum ok] 1004279042:1004279042(0) win 4096 (ttl 255, id 10770)
10.67.153.54.49 > 192.168.22.129.23532: . [tcp sum ok] 2835789200:2835789200(0) ack 1005633663 win 0 (ttl 121, id 1)
10.67.153.54.49 > 192.168.22.129.23532: S [tcp sum ok] 207178040:207178040(0) ack 1004279043 win 16384 (ttl 121, id 16628)
192.168.22.129.23532 > 10.67.153.54.49: R [tcp sum ok] 1005633663:1005633663(0) win 4096 (ttl 255, id 10772)
10.67.153.54.49 > 192.168.22.129.23532: S [tcp sum ok] 207178040:207178040(0) ack 1004279043 win 16384 (ttl 121, id 16631)
192.168.22.129.23532 > 10.67.153.54.49: R [tcp sum ok] 1004279043:1004279043(0) ack 207178041 win 16384 (ttl 121, id 16631)
192.168.22.129.23533 > 10.67.153.54.49: S [tcp sum ok] 1286061587:1286061587(0) win 4096 (ttl 255, id 10840)
10.67.153.54.49 > 192.168.22.129.23533: . [tcp sum ok] 2049736084:2049736084(0) ack 1287592320 win 0 (ttl 121, id 1)
192.168.22.129.23533 > 10.67.153.54.49: R [tcp sum ok] 1287592320:1287592320(0) win 4096 (ttl 255, id 10841)
10.67.153.54.49 > 192.168.22.129.23533: S [tcp sum ok] 444038263:444038263(0) ack 1286061588 win 16384 (ttl 121, id 16633)
192.168.22.129.23533 > 10.67.153.54.49: R [tcp sum ok] 1286061588:1286061588(0) ack 444038264 win 16384 (ttl 121, id 16633)
192.168.22.129.23534 > 10.67.153.54.49: S [tcp sum ok] 352839760:352839760(0) win 4096 (ttl 255, id 10939)
10.67.153.54.49 > 192.168.22.129.23534: . [tcp sum ok] 205011690:205011690(0) ack 354529447 win 0 (ttl 121, id 1)
10.67.153.54.49 > 192.168.22.129.23534: S [tcp sum ok] 1216721629:1216721629(0) ack 352839761 win 16384 (ttl 121, id 16642)
192.168.22.129.23534 > 10.67.153.54.49: R [tcp sum ok] 354529447:354529447(0) win 4096 (ttl 255, id 10941)
10.67.153.54.49 > 192.168.22.129.23534: S [tcp sum ok] 1216721629:1216721629(0) ack 352839761 win 16384 (ttl 121, id 16646)
192.168.22.129.23534 > 10.67.153.54.49: R [tcp sum ok] 352839761:352839761(0) ack 1216721630 win 16384 (ttl 121, id 16646)
17 packets shown
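
The inside-versus-outside comparison described in the post can be automated. The script below is an added example, not part of the original post: it parses the port-23532 lines from the two captures above and lists the packets seen on the inside interface that have no counterpart on the outside interface. The function names and the matching key (addresses, flags, ack number and IP id) are assumptions of this example.

```python
import re
from collections import Counter

# Lines copied from the port-23532 flow in the captures posted above.
OUTSIDE = """\
192.168.22.129.23532 > 10.67.153.54.49: S [tcp sum ok] 1004279042:1004279042(0) win 4096 (ttl 255, id 10770)
10.67.153.54.49 > 192.168.22.129.23532: . [tcp sum ok] 3032334760:3032334760(0) ack 1005633663 win 0 (ttl 121, id 1)
192.168.22.129.23532 > 10.67.153.54.49: R [tcp sum ok] 1005633663:1005633663(0) win 4096 (ttl 255, id 10772)
"""
INSIDE = """\
192.168.22.129.23532 > 10.67.153.54.49: S [tcp sum ok] 1004279042:1004279042(0) win 4096 (ttl 255, id 10770)
10.67.153.54.49 > 192.168.22.129.23532: . [tcp sum ok] 2835789200:2835789200(0) ack 1005633663 win 0 (ttl 121, id 1)
10.67.153.54.49 > 192.168.22.129.23532: S [tcp sum ok] 207178040:207178040(0) ack 1004279043 win 16384 (ttl 121, id 16628)
192.168.22.129.23532 > 10.67.153.54.49: R [tcp sum ok] 1005633663:1005633663(0) win 4096 (ttl 255, id 10772)
10.67.153.54.49 > 192.168.22.129.23532: S [tcp sum ok] 207178040:207178040(0) ack 1004279043 win 16384 (ttl 121, id 16631)
192.168.22.129.23532 > 10.67.153.54.49: R [tcp sum ok] 1004279043:1004279043(0) ack 207178041 win 16384 (ttl 121, id 16631)
"""
LINE = re.compile(
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<flags>\S+) \[tcp sum ok\] "
    r"(?P<seq>\d+):\d+\(\d+\)(?: ack (?P<ack>\d+))? win (?P<win>\d+) "
    r"\(ttl (?P<ttl>\d+), id (?P<ipid>\d+)\)"
)

def parse(capture):
    """Return one dict per packet line; skip anything that does not match."""
    return [m.groupdict() for m in map(LINE.match, capture.splitlines()) if m]

def key(pkt):
    # Sequence numbers are left out: a firewall may rewrite them between
    # interfaces, and the "." segments above differ in seq on each side.
    return (pkt["src"], pkt["dst"], pkt["flags"], pkt["ack"], pkt["ipid"])

def only_on(first, second):
    """Packets in `first` with no counterpart in `second` (multiset difference)."""
    remaining = Counter(key(p) for p in parse(second))
    missing = []
    for pkt in parse(first):
        if remaining[key(pkt)] > 0:
            remaining[key(pkt)] -= 1
        else:
            missing.append(pkt)
    return missing

def is_synack(pkt):
    return pkt["flags"] == "S" and pkt["ack"] is not None

if __name__ == "__main__":
    for p in only_on(INSIDE, OUTSIDE):
        print("SYN-ACK" if is_synack(p) else p["flags"], p["src"], ">", p["dst"], "ack", p["ack"], "ip-id", p["ipid"])
```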