Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1471
Views
0
Helpful
4
Replies

tcp connection can not established one-way, while ping is ok.

yayasolenet
Level 1
Level 1

‎12-07-2010 09:08 PM - edited ‎03-04-2019 10:43 AM

Hi all,

I am puzzled by this for a few days, could anybody help?

Behind out internet router (cisco881), their is a private WAN with routers at site A and B. We call here the headquater with Router 881.

In headquater, we can ping any pc in site A and B and vice versa. But any tcp connection from hq to sites failed.

For example, telnet from hq to site A get the black screen back, but no command prompt.

But if telnet from site A to hq, it works.

If I port forwarding a public IP from internet router 881 to site A, we can telnet to site A using the public IP successfully.

The router 881 and the WAN router in HQ are connected to an HP switch with VLAN1 and VLAN100 configured. We replace it with a dummy hub, it works all ok. How can a VoIP switch affect this? TCP is layer4, and the switch is layer3 switch.

Thanks in advance.

Lydia

Labels:
0 Helpful
4 Replies 4

Scott Cannon
Level 1
Level 1

‎12-07-2010 09:27 PM

Do you have any ACLs/Firewall configuration on the switch?

0 Helpful

yayasolenet
Level 1
Level 1
In response to Scott Cannon

‎12-07-2010 10:17 PM

There is no ACL/Firewall configured in the switch. Below is the configuration. Basically it is only tag the ports for voice and data and it has qos configured.

J9089A Configuration Editor; Created on release #R.11.22

hostname "ProCurve Switch 2610-48-PWR"
interface 8
   name "Router10.0.0.8"
exit
interface 47
   name "DHCP Server"
exit
interface 48
   name "Mobile Extension"
exit
interface 49
   name "Mitel Controller"
exit
interface 50
   name "Uplink Data"
exit
ip default-gateway 10.0.0.8
ip routing
snmp-server community "public" Unrestricted
vlan 1
   name "Data"
   untagged 1-47,49-52
   ip address 10.0.0.56 255.255.0.0
   qos priority 2
   no untagged 48
   exit
vlan 100
   name "Voice"
   untagged 48
   ip address 10.100.1.1 255.255.255.0
   qos priority 6
   tagged 1-46,49-52
   voice
   exit
ip route 0.0.0.0 0.0.0.0 10.0.0.8
spanning-tree

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to yayasolenet

‎12-08-2010 12:14 AM

Hi,

Can you post topology and config of all routers without sensitive info of course.

Regards.

Don't forget to rate helpful posts.
0 Helpful

Scott Cannon
Level 1
Level 1
In response to yayasolenet

‎12-09-2010 05:43 PM

Let me see if I understand. You can ping TelnetServerA in SiteA from HQ but you cannot Telnet to it? Yet if you remove the HP switch it works...

If you've posted the HP config in its entirety then I'm stumped. The only difference betwee na hub and your switch is the tagging. Your tagging traffic to your router 10.0.0.8 but if ping is working ok then the router on the other end must be working ok.

Does this HP switch have any type of SPAN? Can you run netflow on your branch routers? Ideally you need to see if the traffic is leaving the switch and if it is, how/if it is mutating the traffic in any way and how far that traffic travels throughout your network.

Rgds

Scott

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card