PIX 514 V7.04
Hi, we have an SSH server running on Linux that sits behind our PIX firewall. Last week it stopped working: there were no changes to the PIX, but there was a hardware failure on the SSH server. The disks were moved to new hardware and the server is up and running again. The problem we are having is that we can connect to the SSH server from behind the firewall, but from outside the firewall we get a "Connection Reset by Peer". The PIX logs show this:
Jul 24 2008 15:25:21: %PIX-6-302013: Built inbound TCP connection 36169350 for outside:192.168.100.100/39398 (188.8.131.52/39398) to inside:10.10.10.10/22 (192.168.1.1/22)
Jul 24 2008 15:25:21: %PIX-6-302014: Teardown TCP connection 36169350 for outside:192.168.100.100/39398 to inside:10.10.10.10/22 duration 0:00:00 bytes 25 TCP Reset-I
I captured packets from behind the firewall, between the inside interface and the SSH server, and saw the three-way handshake, then the SSH server sending its version information and immediately RST-ing the packet.
No.   Time       Source           Destination      Protocol  Info
6445  19.599017  10.10.10.10      192.168.100.100  SSH       Server Protocol: SSH-1.99-OpenSSH_3.7.1p2
6446  19.601211  10.10.10.10      192.168.100.100  TCP       22 > 54783 [RST] Seq=26 Ack=4047764188 Win=0 Len=0
It appears that the SSH server is RST-ing the connection, but I am not sure why. The SSH admin thinks that this is a firewall issue. The firewall admin (me) thinks that it's an SSH (or server) issue, since the SSH server is RST-ing the packet.
Has anyone seen something like this just stop working? Is it the PIX and I'm just missing something? Any help would be appreciated.
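The two PIX messages quoted above carry enough to cross-check against the packet capture without touching either box: 302013 (Built) and 302014 (Teardown) share a connection ID, the teardown reason "TCP Reset-I" is Cisco's notation for a reset that came from the inside interface ("Reset-O" would be from the outside), and the 25 bytes counted before teardown is exactly the length of the banner "SSH-1.99-OpenSSH_3.7.1p2" plus one newline, which matches the RST in the capture arriving at relative Seq=26. The script below is an added example, not code from the post or from Cisco: it pairs Built/Teardown lines by connection ID, reports which side sent the reset, and flags port-22 connections the inside host reset after only banner-sized traffic. The sample log is constructed from the post's two lines plus a second, normally closed (TCP FINs) connection for contrast; the IDs and timestamps of that second pair are made up.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the Built/Teardown pair quoted in the post, plus a
# second, normally closed connection (made-up ID/timestamps) for contrast.
SAMPLE_LOG = """\
Jul 24 2008 15:25:21: %PIX-6-302013: Built inbound TCP connection 36169350 for outside:192.168.100.100/39398 (188.8.131.52/39398) to inside:10.10.10.10/22 (192.168.1.1/22)
Jul 24 2008 15:25:21: %PIX-6-302014: Teardown TCP connection 36169350 for outside:192.168.100.100/39398 to inside:10.10.10.10/22 duration 0:00:00 bytes 25 TCP Reset-I
Jul 24 2008 15:26:02: %PIX-6-302013: Built inbound TCP connection 36169400 for outside:192.168.100.100/39410 (188.8.131.52/39410) to inside:10.10.10.10/22 (192.168.1.1/22)
Jul 24 2008 15:31:40: %PIX-6-302014: Teardown TCP connection 36169400 for outside:192.168.100.100/39410 to inside:10.10.10.10/22 duration 0:05:38 bytes 41832 TCP FINs
"""

# The Built line as pasted in the post reads "connection36169350" (space
# dropped), so the connection ID is matched with an optional space.
BUILT_RE = re.compile(
    r"%PIX-6-302013: Built (?P<direction>inbound|outbound) TCP connection ?(?P<id>\d+) "
    r"for (?P<src_if>\w+):(?P<src>[\d.]+)/(?P<sport>\d+) \((?P<msrc>[\d.]+)/(?P<msport>\d+)\) "
    r"to (?P<dst_if>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+) \((?P<mdst>[\d.]+)/(?P<mdport>\d+)\)"
)
TEARDOWN_RE = re.compile(
    r"%PIX-6-302014: Teardown TCP connection (?P<id>\d+) "
    r"for (?P<src_if>\w+):(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst_if>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"duration (?P<h>\d+):(?P<m>\d+):(?P<s>\d+) bytes (?P<bytes>\d+) (?P<reason>\S.*?)\s*$"
)


@dataclass
class Conn:
    conn_id: int
    direction: str
    src: str
    sport: int
    dst: str
    dport: int
    mapped_src: str      # NAT address shown in parentheses on the Built line
    mapped_dst: str
    duration_s: Optional[int] = None   # filled in from the Teardown line
    bytes: Optional[int] = None
    reason: Optional[str] = None


def parse_pix_log(text: str) -> Dict[int, Conn]:
    """Pair 302013 (Built) and 302014 (Teardown) messages by connection ID."""
    conns: Dict[int, Conn] = {}
    for line in text.splitlines():
        m = BUILT_RE.search(line)
        if m:
            cid = int(m["id"])
            conns[cid] = Conn(cid, m["direction"], m["src"], int(m["sport"]),
                              m["dst"], int(m["dport"]), m["msrc"], m["mdst"])
            continue
        m = TEARDOWN_RE.search(line)
        if m and int(m["id"]) in conns:
            c = conns[int(m["id"])]
            c.duration_s = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
            c.bytes = int(m["bytes"])
            c.reason = m["reason"]
    return conns


def reset_origin(conn: Conn) -> Optional[str]:
    """Which side sent the RST: Cisco suffixes the reason -I (inside) or -O (outside)."""
    if conn.reason == "TCP Reset-I":
        return "inside"
    if conn.reason == "TCP Reset-O":
        return "outside"
    return None


def banner_only_resets(conns: Dict[int, Conn], port: int = 22, max_bytes: int = 64) -> List[Conn]:
    """Connections to `port` that the inside host reset after only a few bytes."""
    return [c for c in conns.values()
            if c.dport == port and reset_origin(c) == "inside"
            and c.bytes is not None and c.bytes <= max_bytes]


def bytes_match_banner(conn: Conn, banner: str) -> bool:
    """True if the PIX byte count is exactly the banner plus a single newline,
    i.e. the server sent its version line and nothing else before the RST."""
    return conn.bytes == len(banner.encode()) + 1


if __name__ == "__main__":
    conns = parse_pix_log(SAMPLE_LOG)
    for c in banner_only_resets(conns):
        print(f"conn {c.conn_id}: {c.src}:{c.sport} -> {c.dst}:{c.dport} "
              f"reset by {reset_origin(c)} after {c.bytes} bytes, "
              f"banner-only={bytes_match_banner(c, 'SSH-1.99-OpenSSH_3.7.1p2')}")
```

Run it against the output of `show logging` (or the syslog collector) rather than the sample to see whether every outside attempt is torn down the same way; a consistent "Reset-I" with a banner-sized byte count means the firewall is recording the inside host as the party that sent the RST, which is what the inside capture also shows.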