Question : HTTPS keeps Reset connection [RST,ACK]

Hi All

I just enabled OWA/HTTPS to access the Exchange server from outside of the network. In my firewall, I can see the following messages:

==========================================
  0.000000 120.18.105.94 -> 203.65.45.8 TCP 1205 > 443 [SYN] Seq=0 Win=65535 Len=0 MSS=1400 WS=2 TSV=0 TSER=0
  0.000255 203.65.45.8 -> 120.18.105.94 TCP 443 > 1205 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
  0.721140 120.18.105.94 -> 203.65.45.8 TCP 1205 > 443 [SYN] Seq=0 Win=65535 Len=0 MSS=1400 WS=2 TSV=0 TSER=0
  0.721332 203.65.45.8 -> 120.18.105.94 TCP 443 > 1205 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
  1.502506 120.18.105.94 -> 203.65.45.8 TCP 1205 > 443 [SYN] Seq=0 Win=65535 Len=0 MSS=1400 WS=2 TSV=0 TSER=0
  1.502726 203.65.45.8 -> 120.18.105.94 TCP 443 > 1205 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
  2.198115 120.18.105.94 -> 203.65.45.8 TCP 1205 > 443 [SYN] Seq=0 Win=65535 Len=0 MSS=1400 WS=2 TSV=0 TSER=0
  2.198332 203.65.45.8 -> 120.18.105.94 TCP 443 > 1205 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
  3.008515 120.18.105.94 -> 203.65.45.8 TCP 1205 > 443 [SYN] Seq=0 Win=65535 Len=0 MSS=1400 WS=2 TSV=0 TSER=0
  3.008708 203.65.45.8 -> 120.18.105.94 TCP 443 > 1205 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
  3.814093 120.18.105.94 -> 203.65.45.8 TCP 1205 > 443 [SYN] Seq=0 Win=65535 Len=0 MSS=1400 WS=2 TSV=0 TSER=0
  3.814305 203.65.45.8 -> 120.18.105.94 TCP 443 > 1205 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
==============================================================================

120.18.105.94 is my client testing machine; 203.65.35.8 is my Exchange server (NAT configured).

Can anyone give me some idea why HTTPS keeps resetting the connection? What could the problem be?

Thanks

Answer : HTTPS keeps Reset connection [RST,ACK]

Try to configure a secondary address on the OWA server and bind it to the interface (192.168.6.40, if available), then remove/update the NAT for 203.65.45.8 192.168.6.8 to point to the new IP of the .40.

I am not familiar with the firewall that you have; I am thinking the static NATs are having issues. What could possibly be happening is that the connection (initial SYN packet) arrives at the firewall (203.65.45.8), then gets translated and sent to the server; the server receives the SYN and then sends a SYN ACK back, but the firewall already has a static NAT for 203.65.45.7 192.168.6.8, so as there is no stateful connection in the NAT table, the firewall is sending back the RST, ACK. However, the firewall has a stateful connection for the 203.65.45.8 192.168.6.8; maybe it is using the first static NAT it finds in the table, which is the only thing that I can think of.

Billy
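
A way to summarise a capture like the one in the question, added here as an example that is not part of the original thread: it pairs each SYN with the next reply on the same flow and reports the flows whose attempts were answered with RST, together with the reply delay. The function names are illustrative, and the last two sample lines (port 80) are constructed for contrast.

```python
import re
from collections import defaultdict

# First four lines are taken from the capture in the question (options trimmed);
# the two port-80 lines are constructed to show a handshake that is NOT refused.
SAMPLE = """\
  0.000000 120.18.105.94 -> 203.65.45.8 TCP 1205 > 443 [SYN] Seq=0 Win=65535 Len=0 MSS=1400
  0.000255 203.65.45.8 -> 120.18.105.94 TCP 443 > 1205 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
  0.721140 120.18.105.94 -> 203.65.45.8 TCP 1205 > 443 [SYN] Seq=0 Win=65535 Len=0 MSS=1400
  0.721332 203.65.45.8 -> 120.18.105.94 TCP 443 > 1205 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
  1.000000 120.18.105.94 -> 203.65.45.8 TCP 1300 > 80 [SYN] Seq=0 Win=65535 Len=0 MSS=1400
  1.020000 203.65.45.8 -> 120.18.105.94 TCP 80 > 1300 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0
"""

LINE = re.compile(
    r"^\s*(\d+\.\d+)\s+(\S+)\s+->\s+(\S+)\s+TCP\s+(\d+)\s+>\s+(\d+)\s+\[([^\]]+)\]"
)

def parse(text):
    """Yield (time, src, dst, sport, dport, flags) for each TCP summary line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            flags = {f.strip() for f in m.group(6).split(",")}
            yield (float(m.group(1)), m.group(2), m.group(3),
                   int(m.group(4)), int(m.group(5)), flags)

def refused_handshakes(text):
    """Return {(client, cport, server, sport): stats} for flows reset after a SYN."""
    pending = {}  # flow -> timestamp of the SYN still waiting for a reply
    stats = defaultdict(lambda: {"syn": 0, "rst": 0, "delays": []})
    for ts, src, dst, sport, dport, flags in parse(text):
        if flags == {"SYN"}:               # client opening (or retrying) a flow
            flow = (src, sport, dst, dport)
            pending[flow] = ts
            stats[flow]["syn"] += 1
            continue
        flow = (dst, dport, src, sport)    # reply: reverse direction of the SYN
        if flow in pending:
            sent = pending.pop(flow)
            if "RST" in flags:             # handshake refused instead of SYN, ACK
                stats[flow]["rst"] += 1
                stats[flow]["delays"].append(ts - sent)
    return {flow: s for flow, s in stats.items() if s["rst"]}

if __name__ == "__main__":
    for flow, s in refused_handshakes(SAMPLE).items():
        print(flow, s["syn"], "SYN,", s["rst"], "RST,",
              "max delay %.6fs" % max(s["delays"]))
```

The reply delay is worth recording alongside the count, since it is one of the few clues in a firewall-side capture about how close the device sending the RST is to the capture point.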