ā07-26-2011 04:51 AM - edited ā03-11-2019 02:03 PM
Hello,
I have Cisco Router with the below config:
ip inspect name SDM_MEDIUM appfw SDM_MEDIUM
ip inspect name SDM_MEDIUM cuseeme
ip inspect name SDM_MEDIUM dns
ip inspect name SDM_MEDIUM ftp
ip inspect name SDM_MEDIUM h323
ip inspect name SDM_MEDIUM https
ip inspect name SDM_MEDIUM icmp
ip inspect name SDM_MEDIUM imap reset
ip inspect name SDM_MEDIUM pop3 reset
ip inspect name SDM_MEDIUM netshow
ip inspect name SDM_MEDIUM rcmd
ip inspect name SDM_MEDIUM realaudio
ip inspect name SDM_MEDIUM rtsp
ip inspect name SDM_MEDIUM esmtp
ip inspect name SDM_MEDIUM sqlnet
ip inspect name SDM_MEDIUM streamworks
ip inspect name SDM_MEDIUM tftp
interface FastEthernet0/0
description $FW_OUTSIDE$
ip address dhcp
ip access-group 103 in
ip access-group 109 out
ip nat outside
ip inspect SDM_MEDIUM out
ip virtual-reassembly
I am facing problem with Outlook Users in to my Lan Network. They loose connectivity to Exchange Server Intermittently. When they connect their
Laptops directly on BroadBand line, it works perfect.
I can see following logs:
010303: Jul 25 15:29:41.844: %SEC-6-IPACCESSLOGP: list 103 denied tcp X.X.X.X(80) -> X.X.X.X (2551), 1 packet
010304: Jul 25 15:29:43.848: %SEC-6-IPACCESSLOGP: list 103 denied tcp X.X.X.X (80) -> X.X.X.X (2561), 1 packet
010305: Jul 25 15:29:45.852: %SEC-6-IPACCESSLOGP: list 103 denied tcp X.X.X.X (443) -> X.X.X.X (2557), 1 packet
010303: Jul 25 15:29:41.844: %SEC-6-IPACCESSLOGP: list 103 denied tcp X.X.X.X (443) -> X.X.X.X (2551), 1 packet
010304: Jul 25 15:29:43.848: %SEC-6-IPACCESSLOGP: list 103 denied tcp X.X.X.X (80) -> X.X.X.X (2561), 1 packet
Users can connect to outlook after some time automatically. I suspect this is issue of IP Inspect for Half Opened Session.
Can anyone please suggest the way ahead?
Thanks
Rahul
ā07-26-2011 07:03 AM
Hi Rahul,
The logs seem to be for HTTP and HTTPS traffic. Can you enable "ip inspect log drop" and post the output of "sh log" here collected when the issue occurs?
Let me know.
Regards,
Anu
ā07-27-2011 01:57 AM
Hi Anu,
Please see below logs:
038100: Jul 27 09:49:05.597: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1812), 1 packet
038101: Jul 27 09:49:09.605: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1802), 1 packet
038103: Jul 27 09:49:11.621: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1824), 1 packet
038104: Jul 27 09:49:13.633: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1821), 1 packet
038105: Jul 27 09:49:15.649: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1822), 1 packet
038106: Jul 27 09:49:17.645: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1834), 1 packet
038107: Jul 27 09:49:21.469: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1864), 1 packet
038108: Jul 27 09:49:23.665: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1851), 1 packet
038109: Jul 27 09:49:25.689: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1853), 1 packet
038110: Jul 27 09:49:27.005: %FW-6-DROP_PKT: Dropping Other session XX.XX.XX.XX:1906 XX.XX.XX.XX:443 due to RST
inside current window with ip ident 1764 tcpflags 0x5014 seq.no 899228843 ack 3486318255
038111: Jul 27 09:49:27.713: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1846), 1 packet
038112: Jul 27 09:49:29.725: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1865), 1 packet
038113: Jul 27 09:49:32.737: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1905), 1 packet
038114: Jul 27 09:49:35.745: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1884), 1 packet
038115: Jul 27 09:49:37.829: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1880), 1 packet
038116: Jul 27 09:49:39.789: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1881), 1 packet
038117: Jul 27 09:49:43.817: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1916), 1 packet
038118: Jul 27 09:49:45.813: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1921), 1 packet
038119: Jul 27 09:49:46.281: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 55 packets
038120: Jul 27 09:49:47.825: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1936), 1 packet
038121: Jul 27 09:49:49.853: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1917), 1 packet
038122: Jul 27 09:49:51.849: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1944), 1 packet
038145: Jul 27 09:49:55.925: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1942), 1 packet
038146: Jul 27 09:49:57.177: %FW-6-DROP_PKT: Dropping Other session XX.XX.XX.XX:2008 XX.XX.XX.XX:443 due to RST
inside current window with ip ident 5621 tcpflags 0x5014 seq.no 500736543 ack 49297679
038147: Jul 27 09:49:57.917: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1981), 1 packet
038148: Jul 27 09:50:01.929: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1962), 1 packet
038149: Jul 27 09:50:03.013: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(2009), 1 packet
038150: Jul 27 09:50:07.929: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1990), 1 packet
038159: Jul 27 09:50:09.941: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1997), 1 packet
038162: Jul 27 09:50:13.965: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(1988), 1 packet
038164: Jul 27 09:50:15.953: %SEC-6-IPACCESSLOGP: list 103 denied tcp XX.XX.XX.XX(443) -> XX.XX.XX.XX(2034), 1 packet
Thanks
ā08-10-2011 02:00 PM
Hi Rahul,
In the logs on the router, do you se any logs related to the exchange server or the client's IP address? i can not see much because all i see acl drops and some fw drops with Xs in place of IP addresses.
Regards,
Prapanch
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide