I would have to agree with your first comments on this, as you quite rightly pointed out, the lack of access list on the inside should allow all traffic outbound (should really look at locking this down to prevent any worms/viruses spreading out of your network attacking others as you would be responsible) as you are going from high security level to low.
The connection is being initially reset from the server on the Internet "TCP Reset-O". The only way to definetly confirm this is to do a packet capture on that outside interface.
It may be worth doing a packet capture on the external interface (when quite). You can do this by doing the following commands;
"Capture Test interface intname
show capture test"
No Capture Test - Turns it off
This may identify that the remote server is closing the connection down ?
Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit
www.sec-1.com
or PM me for details.
