Question : Lots of syslog entries %PIX-4-106023 since PIX upgrade to 6.3(3)

Since I have upgraded our PIX to IOS 6.3(3) the log file is full of entries :
PIX-4-106023: Deny tcp src outside:"Can be any host"/80 dst inside:"proxies PAT address"/34715 by access-group "outside-in"
This was not the case before the upgrade running 6.2(2).
It tells me that traffic is blocked coming from a host port 80 to our proxy server any port > 1024. This must be traffic related to a connection originaly setup by the proxy. When I look at the translation table I can still see a translation for that specific port and the proxy and the Global address. When I look at the connections I can't see a connection for host/80 <==> proxy/ >1024.(BTW - This is the most likely reason for the entrie in the log)

It looks like the proxy server closed the connection and the pix deleted the entry from the table but the server at the other end still thinks that there is a connection and tries to send traffic back .

Everything works fine as far as the proxy concerns !

Nothing is changed in the config since the upgrade.

The config is pretty basic, simple nat / pat

global (outside) 100 ProxiesPATaddr netmask 255.255.255.240
nat (inside) 100 proxy 255.255.255.255

What's different between 6.2 and 6.3 ?

Richard

Answer : Lots of syslog entries %PIX-4-106023 since PIX upgrade to 6.3(3)

PAQed with points refunded (250)

modulo
Community Support Moderator

Random Solutions

swithcing from POP3 to IMAP4

Adding a new forward lookup zone

CCNA test passing percentage?

ISA NOT BLOCKING EBUDDY.COM

network administrator salary

what kind of server?

Web and email hosting with 2 different hosts - how can it be done?

Can not join Win 03 Active Directory - The following error occurred attempting to join the domain "cerex"; The parameter is incorrect.

Trouble accessing internet.

Different netbios and DNS domain names in Active Directory