Cisco Community
English
Register
Great changes are coming to Cisco Community in July. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
561
Views
0
Helpful
1
Replies
nibauramos
Beginner
Beginner
‎03-19-2012 08:53 AM
‎03-19-2012 08:53 AM

Problem with "TCP Handshake"

Hello, I was doing a PPTP VPN in a CISCO 3800, and it wasn't working...not even the debug for pptp isakmp gave any error...it just failed connecting to the VPN concentrator (the cisco 3800). At frist I thought....well connectivity problems...some firewall anything... I launched a wireshark in my client PC to see the traffic and all that I saw was my client sending a SYN and then another SYN and another and giving up...no answer from the other side. Appears to me that traffic isn't reaching the other side.... I connected to the CISCO 3800 and did a debug ip packet and I saw the SYN from my client pc arriving and the router replied to it...but nothing returned... So I thought....well...my client pc has some sort of firewall or my home router where the client pc is connected, so I connected my client pc directly to the modem, leaving nothing between him and the internet... and what I saw puzzled me.

Connecting directly to the internet showed my that my home router was actually receiving a reply... so this goes like this:

- My pc send a TCP SYN packet to my CISCO 3800 destination port 1723 (PPTP) and source port a random number;

- The CISCO 3800 sends a reply to that SYN (SYN,ACK) to me with destination port that is the random port my home pc generated...however the source port that should be 1723 isn't..... it's something else...

My computer uppon receiving this discards the connection and sends an ICMP Unreachable to the CISCO 3800.

The thing is....why does the 3800 responds with a source port that isn't the port to where I sent the packet? I came back to the router and did a debug ip packet detail and looked at it more carefully...I must have missed something... But when I look to the output of debug ip packet the source port of the SYN,ACK is correct!!! its 1723 like it should be...so I thought... well.... the packet must be changing somewhere down the patch from the 3800 to my home pc.... The first thing I did just to be shure was:

The CISCO 3800 has its public ip configured in GigabitEthernet 0/1 , this port connects to a CISCO 3750 in port 21....so I grabbed another PC....plugged it to port 22, did a monitor session in this switch from port 21 to port 22 because I wanted to be sure at the 3800 was sending out the network......and.... in the capture from this monitor session the source port of the packet isn't 1723!!!! it's another number, that changes over time.

So....the debug ip packet says it is leaving a packet from the router with a source port...but when I capture it in the switch the packet has another source port????

I'm very very very very puzzled

Does anyone know what might be causing this? Has anyone had simillar issues?

thank you

Labels:
0 Helpful
1 REPLY 1
nibauramos
Beginner
Beginner
‎03-19-2012 08:55 AM
‎03-19-2012 08:55 AM

I forgot to leave a show version of the 3800:

#show version

Cisco IOS Software, 3800 Software (C3825-ADVENTERPRISEK9-M), Version 12.4(25e), RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2011 by Cisco Systems, Inc.

Compiled Wed 16-Mar-11 21:15 by prod_rel_team

ROM: System Bootstrap, Version 12.3(11r)T2, RELEASE SOFTWARE (fc1)

uptime is 5 weeks, 6 days, 19 hours, 43 minutes

System returned to ROM by power-on

System image file is "flash:c3825-adventerprisek9-mz.124-25e.bin"

0 Helpful
Latest Contents
AppDynamics
Created by mclymer on 06-30-2022 09:46 AM
0
0
0
0
Cisco Champion Radio: S9|E25 SD-WAN and Ubiquitous Cloud Sec...
Created by Amilee San Juan on 06-29-2022 02:35 PM
1
5
1
5
Listen: https://smarturl.it/CCRS9E25 Follow us: twitter.com/ciscochampions With applications and users everywhere, the networks are now, more than ever, being tasked with delivering consistent protection while providing an exceptional user exper... view more
Cisco Champion Radio: S9|E24 Cisco Radio Aware Routing
Created by Amilee San Juan on 06-28-2022 01:30 PM
0
0
0
0
Listen: https://smarturl.it/CCRS9E24 Follow us: https://twitter.com/CiscoChampion  Cisco Radio Aware Routing addresses several of the challenges faced when merging IP routing and radio communications in mobile networks, especially those exhibiti... view more
Cisco Champion Radio: S9|E23 The Cisco Catalyst 9136 Wi-Fi 6...
Created by Amilee San Juan on 06-28-2022 01:21 PM
0
0
0
0
Listen: https://smarturl.it/CCRS9E23 Follow us: https://twitter.com/CiscoChampion The Wi-Fi 6E Catalyst 9136 access point takes advantage of the 6-GHz band to produce a network that is more reliable and secure, with higher throughput, more ... view more
DR and the Type-2 LSA in OSPFv3 versus OSPFv2
Created by Meddane on 06-24-2022 04:35 PM
0
0
0
0
When moving from OSPFv2 to OSPFv3, there are many changes in the format of the LSAs Type, but the most known changes are: IP prefix informations are no longer carried in Type-1 LSA and Type-2 LSA, new LSAs Type 8 and 9 are added to carry these prefixes. L... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad