Cisco Pix debug help
- From: dan.track@xxxxxxxxx
- Date: 19 Mar 2006 02:37:40 -0800
Hi
I have a problem with a Cisco PIX 515E, OS version 6.2(2), and I hope
someone can help me with this.
Basically I have one database server behind this firewall and clients
connect to it through this firewall. At the moment the firewall has an
access-group command that allows all clients to connect through. The
problem I am experiencing happens to only two clients running Red Hat
Linux. What happens is randomly I get TCP timeouts from these servers,
say roughly one in every one thousand tcp requests. By sniffing the
network on the pix external facing network interface I receive packets
similar to this:
19:49:15.758315 opal.example.com.44808 > neptune.example.com.1521: S
3506603012:3506603012(0) win 5840 <mss 1460,sackOK,timestamp 20268080
0,nop,wscale 0> (DF)
But sniffing the internal facing interface (i.e. the database end),
those packets don't come through. It's as though the PIX has silently
dropped them.
Now so far from my tests, I've noticed that a failure has always been
occurring when the MSS value is set to 1460. Although this might be a
red herring, as trawling through the capture logs I can see other SYN
packets pass through with that value. Setting the "sysopt tcpmss" value
to 1460 doesn't make any difference.
My questions are:
1) What other techniques are there to debug this?
2) Am I on the right track by looking at the mss value?
3) What else could be the problem?
4) Is this a known bug in the Cisco OS?
I really appreciate any help given.
Thanks in advance
Dan
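One way to take the guesswork out of question 2 is to diff the two captures mechanically: parse every SYN from the outside and inside interface dumps, list the ones that never reached the inside, and compare their MSS distribution against the SYNs that did pass. The script below is an added example, not part of Dan's post or any Cisco tool; the two capture texts and hostnames are constructed in the same tcpdump format the post shows.

```python
import re
from collections import Counter

# Matches a tcpdump SYN line of the form shown in the post, e.g.
# "19:49:15.758315 opal.example.com.44808 > neptune.example.com.1521: S
#  3506603012:3506603012(0) win 5840 <mss 1460,sackOK,...,wscale 0> (DF)"
SYN_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\.(?P<sport>\d+)\s+>\s+(?P<dst>\S+)\.(?P<dport>\d+):\s+S\s+"
    r"(?P<isn>\d+):\d+\(0\)\s+win\s+\d+\s+<(?P<opts>[^>]*)>"
)

def parse_syns(capture_text):
    """Return {(src, sport, dst, dport, isn): {option: value}} for each SYN line."""
    syns = {}
    for line in capture_text.splitlines():
        m = SYN_RE.match(line.strip())
        if not m:
            continue  # not a SYN, or a line tcpdump wrapped differently
        key = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]), int(m["isn"]))
        opts = {}
        for opt in m["opts"].split(","):
            name, _, value = opt.strip().partition(" ")
            opts[name] = value or None  # "nop" and "sackOK" carry no value
        syns[key] = opts
    return syns

def missing_syns(outside_text, inside_text):
    """SYNs seen on the outside interface that never appeared on the inside one."""
    outside = parse_syns(outside_text)
    inside = parse_syns(inside_text)
    return {key: opts for key, opts in outside.items() if key not in inside}

def mss_breakdown(syns):
    """Count MSS values, so a suspected correlation can be checked against the passed set too."""
    return Counter(opts.get("mss", "none") for opts in syns.values())

# Constructed sample captures (hostnames, ports and ISNs are made up).
OUTSIDE_CAPTURE = """\
19:49:15.758315 opal.example.com.44808 > neptune.example.com.1521: S 3506603012:3506603012(0) win 5840 <mss 1460,sackOK,timestamp 20268080 0,nop,wscale 0> (DF)
19:49:16.001000 opal.example.com.44809 > neptune.example.com.1521: S 3506700000:3506700000(0) win 5840 <mss 1460,sackOK,timestamp 20268100 0,nop,wscale 0> (DF)
19:49:16.200000 jade.example.com.51000 > neptune.example.com.1521: S 123456789:123456789(0) win 65535 <mss 1380,nop,nop,sackOK> (DF)
"""
INSIDE_CAPTURE = """\
19:49:16.001200 opal.example.com.44809 > neptune.example.com.1521: S 3506700000:3506700000(0) win 5840 <mss 1460,sackOK,timestamp 20268100 0,nop,wscale 0> (DF)
19:49:16.200300 jade.example.com.51000 > neptune.example.com.1521: S 123456789:123456789(0) win 65535 <mss 1380,nop,nop,sackOK> (DF)
"""

if __name__ == "__main__":
    dropped = missing_syns(OUTSIDE_CAPTURE, INSIDE_CAPTURE)
    print("dropped SYNs:", dropped)
    print("MSS of dropped:", mss_breakdown(dropped))
    print("MSS of all outside SYNs:", mss_breakdown(parse_syns(OUTSIDE_CAPTURE)))
```

If the dropped set's MSS distribution looks no different from the passed set's, MSS is the red herring the post suspects and the next thing to compare is the other options (timestamp, wscale) and source hosts in the same way.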