10-26-2010 06:32 AM - edited 03-11-2019 12:00 PM
Hi
We're getting an issue where a third party company who access an iSeries server on our internal network is periodically losing their connection to this server (they access via client software on port 23). They're coming thru a L2L VPN tunnel with no restrictions. I've checked the log files and found this for one of the client IP addresses:
Deny TCP (no connection) from TALENT_SERVER/1025 to 172.17.10.129/2209 flags ACK on interface inside
where TALENT_SERVER is the server they're connecting to and 172.17.10.129 is the client address. The client usually re-connects straight away and completes the transaction without issue. Interestingly, the previous company who provided this service connected to us via a spare interface on the firewall (they were based in the next building) and had the same issue. We also have many clients on the internal network who connect without any issues which makes me think something on the firewall is causing this. Anyone got any ideas or pointers cos I'm a bit stumped?
Thanks
10-26-2010 06:39 AM
Asymmetric routing is going on.
It's getting the ACK, but where's the SYN-ACK??
You need to check your routing - somewhere the SYN-ACK is being lost..
Assuming that this isn't a bug...
10-26-2010 07:14 AM
Hi Golly, thanks for the reply. Are you talking about the routing on the firewall, our internal routing or the routing on the 3rd party's network? Sorry if this is a dumb question, firewall admin is only part of my job so I'm no expert.
10-26-2010 07:33 AM
Rex
It could be anywhere mate - if you up a diagram that would help.
Sanitize it before you do ;-)
10-26-2010 07:49 AM
Can provide a network diagram for here but not the 3rd party's network. I've asked them for it and I'll put the inside interface of the firewall and our iSeries on the same switch in case that's causing any bother. Is there anything I can look at on the firewall which might be causing the issue?
10-27-2010 02:38 AM
Not sure if this helps but we also have a Cisco IDS system installed. No-one knows anything about it here so can't comment on its config but is it possible that that might be causing the issues?
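For triaging drops like the one quoted in the first post, the sketch below (an added example, not part of the thread and not Cisco code) parses `Deny TCP (no connection)` lines and counts them per source/destination/interface, separating SYN ACK drops from mid-session ones. The sample log is constructed: the timestamps, the 192.0.2.10 host and every line except the first are assumptions.

```python
import re
from collections import defaultdict

# Shape of the line quoted in the first post; address fields may be firewall object names.
DENY_RE = re.compile(
    r"Deny TCP \(no connection\) from (?P<src>\S+)/(?P<sport>\d+) "
    r"to (?P<dst>\S+)/(?P<dport>\d+) flags (?P<flags>.+?)\s+on interface (?P<ifc>\S+)"
)

# Constructed sample log; only the first message body comes from the thread.
SAMPLE = """\
Oct 26 06:10:01 Deny TCP (no connection) from TALENT_SERVER/1025 to 172.17.10.129/2209 flags ACK on interface inside
Oct 26 06:10:02 Deny TCP (no connection) from TALENT_SERVER/1025 to 172.17.10.129/2209 flags PSH ACK  on interface inside
Oct 26 06:25:40 Deny TCP (no connection) from TALENT_SERVER/1025 to 172.17.10.129/2214 flags ACK on interface inside
Oct 26 06:31:12 Deny TCP (no connection) from 192.0.2.10/23 to 172.17.10.129/2301 flags SYN ACK on interface inside
Oct 26 06:31:15 unrelated message that must be ignored
""".splitlines()

def parse_deny(line):
    """Return the fields of one 'Deny TCP (no connection)' line, or None."""
    m = DENY_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    rec["flags"] = tuple(rec["flags"].split())
    return rec

def by_path(lines):
    """Per (src, dst, interface): SYN ACK drops vs. other drops, plus dst ports hit."""
    out = defaultdict(lambda: {"syn_ack": 0, "mid_session": 0, "dst_ports": set()})
    for line in lines:
        rec = parse_deny(line)
        if rec is None:
            continue
        entry = out[(rec["src"], rec["dst"], rec["ifc"])]
        # SYN ACK: handshake reply whose SYN the firewall has no record of.
        # Anything else: packet for a session with no connection-table entry.
        entry["syn_ack" if "SYN" in rec["flags"] else "mid_session"] += 1
        entry["dst_ports"].add(rec["dport"])  # distinct ports ~ distinct sessions
    return dict(out)

if __name__ == "__main__":
    for path, stats in by_path(SAMPLE).items():
        print(path, stats["syn_ack"], stats["mid_session"], sorted(stats["dst_ports"]))
```

Comparing the per-path counts for the VPN clients with those for internal clients shows whether the drops are confined to one route through the firewall.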