Help With Error Message

[TalentedFool]

Hi,

I'm trying to put an SMTP server in my DMZ 10.200.1.3, I can telnet to the server from inside on port 25 but going from the DMZ to the inside I get the following error

106001: Inbound TCP connection denied from 10.200.1.3/33675 to 172.30.212.99/25 flags SYN on interface intf2


What do I need to put in my configruation to correct this?


Thanks for any help you can give ~ Remember - Nothing is Fool Proof to a Talented Fool ~

 

[TalentedFool]

Sorry - this is posted in the wrong forum - should have been put in the Firewall section.

If anybody can answer it though - appreciated ~ Remember - Nothing is Fool Proof to a Talented Fool ~

 

[pmesjar]

This sounds to me like you have this kind of ACL rule applied in your ACL filtering traffic from outside to internal network::

access-list 100 permit tcp any any established

Parameter established allows only connections that are initiated from inside to outside, but not connections trying to be established from outside to inside. It is technique used to prevent TCP SYN attacks. Check your outbound ACL Peter Mesjar
CCNA, A+ certified
pmesjar@centrum.sk

 

[pmesjar]

Can you post your ACLs? Peter Mesjar
CCNA, A+ certified
pmesjar@centrum.sk

 

[TalentedFool]

Thanks,

But I've now solved the issue - I just created a new ACL for my DMZ and it works now.

~ Remember - Nothing is Fool Proof to a Talented Fool ~