03-19-2012 08:53 AM - edited 03-04-2019 03:43 PM
Hello, I was doing a PPTP VPN in a CISCO 3800, and it wasn't working... not even the debug for pptp isakmp gave any error... it just failed connecting to the VPN concentrator (the cisco 3800). At first I thought... well, connectivity problems... some firewall, anything... I launched a wireshark in my client PC to see the traffic and all that I saw was my client sending a SYN and then another SYN and another and giving up... no answer from the other side. It appeared to me that traffic wasn't reaching the other side... I connected to the CISCO 3800 and did a debug ip packet and I saw the SYN from my client pc arriving and the router replied to it... but nothing returned... So I thought... well... my client pc has some sort of firewall, or my home router where the client pc is connected, so I connected my client pc directly to the modem, leaving nothing between it and the internet... and what I saw puzzled me.
Connecting directly to the internet showed me that my home router was actually receiving a reply... so this goes like this:
- My pc send a TCP SYN packet to my CISCO 3800 destination port 1723 (PPTP) and source port a random number;
- The CISCO 3800 sends a reply to that SYN (SYN,ACK) to me with a destination port that is the random port my home pc generated... however the source port, which should be 1723, isn't..... it's something else...
My computer, upon receiving this, discards the connection and sends an ICMP Unreachable to the CISCO 3800.
The thing is.... why does the 3800 respond with a source port that isn't the port to which I sent the packet? I came back to the router and did a debug ip packet detail and looked at it more carefully... I must have missed something... But when I look at the output of debug ip packet, the source port of the SYN,ACK is correct!!! It's 1723 like it should be... so I thought... well.... the packet must be changing somewhere down the path from the 3800 to my home pc.... The first thing I did, just to be sure, was:
The CISCO 3800 has its public ip configured on GigabitEthernet 0/1; this port connects to a CISCO 3750 on port 21.... so I grabbed another PC.... plugged it into port 22, did a monitor session in this switch from port 21 to port 22 because I wanted to be sure what the 3800 was sending out to the network...... and.... in the capture from this monitor session the source port of the packet isn't 1723!!!! It's another number, that changes over time.
So.... debug ip packet says a packet is leaving the router with one source port... but when I capture it in the switch the packet has another source port????
I'm very very very very puzzled
Does anyone know what might be causing this? Has anyone had similar issues?
thank you
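As an added example, not part of the original post and not Cisco tooling, here is the comparison the poster did by eye, scripted so it can be run over a whole capture: pair each SYN/ACK with the SYN it answers and flag any reply whose source port is not the destination port the client sent to. The addresses, ports and packet records are constructed (RFC 5737 documentation ranges) to mirror the two vantage points in the post; on a real capture you would feed it the 4-tuple and flags of each TCP packet exported from the SPAN session.

```python
"""Flag SYN/ACK replies whose source port does not match the SYN they answer.

Added example; the addresses, ports and packet records below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

SYN = 0x02   # TCP flag bits
ACK = 0x10


@dataclass(frozen=True)
class TcpPkt:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: int


def analyze_handshakes(pkts: List[TcpPkt]) -> Dict[str, list]:
    """Pair each SYN/ACK with the most recent SYN it answers and classify it.

    A SYN/ACK answers a SYN if it goes back to the SYN's source IP/port from
    the SYN's destination IP.  Its source port is then expected to equal the
    SYN's destination port; anything else is the symptom from the post.
    Returns {"ok": [(syn, synack)], "mismatched": [(syn, synack)],
             "unanswered": [syn]}.
    """
    pending: Dict[Tuple[str, int, str], TcpPkt] = {}   # (client_ip, client_port, server_ip) -> SYN
    result: Dict[str, list] = {"ok": [], "mismatched": [], "unanswered": []}
    for p in pkts:
        if p.flags & SYN and not p.flags & ACK:
            # A retransmitted SYN replaces the earlier one for the same client socket.
            pending[(p.src_ip, p.src_port, p.dst_ip)] = p
        elif (p.flags & (SYN | ACK)) == (SYN | ACK):
            syn = pending.pop((p.dst_ip, p.dst_port, p.src_ip), None)
            if syn is None:
                continue   # SYN/ACK for a SYN not in this capture; nothing to compare
            bucket = "ok" if p.src_port == syn.dst_port else "mismatched"
            result[bucket].append((syn, p))
    result["unanswered"] = list(pending.values())
    return result


def report(pkts: List[TcpPkt]) -> List[str]:
    """One human-readable line per finding, plus a count of normal handshakes."""
    r = analyze_handshakes(pkts)
    lines = []
    for syn, sa in r["mismatched"]:
        lines.append(f"MISMATCH {syn.src_ip}:{syn.src_port} -> {syn.dst_ip}:{syn.dst_port}; "
                     f"SYN/ACK came from port {sa.src_port}, expected {syn.dst_port}")
    for syn in r["unanswered"]:
        lines.append(f"NO REPLY {syn.src_ip}:{syn.src_port} -> {syn.dst_ip}:{syn.dst_port}")
    lines.append(f"{len(r['ok'])} handshake(s) looked normal")
    return lines


# Constructed records (RFC 5737 documentation addresses), mirroring the two vantage points in the post.
CLIENT, ROUTER, PPTP = "192.0.2.10", "198.51.100.1", 1723

# What the SPAN session on the 3750 would show: replies leave with a wrong, changing source port.
SPAN_CAPTURE = [
    TcpPkt(CLIENT, 49152, ROUTER, PPTP, SYN),
    TcpPkt(ROUTER, 40001, CLIENT, 49152, SYN | ACK),   # should have come from 1723
    TcpPkt(CLIENT, 49152, ROUTER, PPTP, SYN),          # client retransmits
    TcpPkt(ROUTER, 40002, CLIENT, 49152, SYN | ACK),   # wrong again, and a different number
    TcpPkt(CLIENT, 49153, ROUTER, 22, SYN),            # an unrelated, healthy handshake for contrast
    TcpPkt(ROUTER, 22, CLIENT, 49153, SYN | ACK),
]

# What Wireshark on the client PC behind the home router showed: SYNs and nothing back.
CLIENT_CAPTURE = [TcpPkt(CLIENT, 49152, ROUTER, PPTP, SYN)] * 3

if __name__ == "__main__":
    for name, cap in (("SPAN", SPAN_CAPTURE), ("client", CLIENT_CAPTURE)):
        print(f"== {name} capture ==")
        for line in report(cap):
            print(line)
```

Run the same function on a capture taken at each point along the path (router debug output converted to records, the SPAN port on the switch, the client side) and the first capture that reports MISMATCH tells you between which two hops the source port is being rewritten; the client-side capture, by contrast, only ever reports NO REPLY because the mismatched SYN/ACK never reaches it.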
03-19-2012 08:55 AM
I forgot to leave a show version of the 3800:
#show version
Cisco IOS Software, 3800 Software (C3825-ADVENTERPRISEK9-M), Version 12.4(25e), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Wed 16-Mar-11 21:15 by prod_rel_team
ROM: System Bootstrap, Version 12.3(11r)T2, RELEASE SOFTWARE (fc1)
uptime is 5 weeks, 6 days, 19 hours, 43 minutes
System returned to ROM by power-on
System image file is "flash:c3825-adventerprisek9-mz.124-25e.bin"