11-15-2007 05:36 PM - edited 03-05-2019 07:27 PM
Strange situation. Have a company with two physical sites connected via a point-to-point T1. On each end of the T1 are old Cisco 1602R routers. The problem is actually with Exchange servers failing to talk to each other properly. Site A is main office and Site B is branch office. Each site contains 1 Exchange server and the sites are supposed to talk over this p-t-p connection. I cannot use telnet to connect from site A to site B over port 25. I can, however, connect from site B to site A over port 25.
Essentially, the communication between these Exchange servers is failing because messages cannot go from site A to site B, but can go from site B to site A.
The interesting thing is that I can use telnet from site A to site B using a different port, say 691 which is also used with Exchange and it works fine.
I can telnet into site B router and establish a telnet session to the Exchange server in site B.
The problem is router A. For some reason, it will not allow requests over port 25 to go through.
Any clue???
11-15-2007 07:16 PM
James
When some traffic does work but traffic on a particular port does not work my first guess is that there is an access list that is blocking.
If you would post the config of both routers we would more likely be able to identify the problem.
HTH
Rick
11-16-2007 04:23 AM
OK. I am trying to clean up the previous admin's mess.
Site A: I think the problem is on this router.
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname NY_router
!
enable password "xxxx"
!
!
ip subnet-zero
no ip domain-lookup
!
process-max-time 200
!
interface Ethernet0
description connected to NY_LAN
ip address 192.168.110.1 255.255.255.0
no ip directed-broadcast
no keepalive
!
interface Serial0
description 56k CSU/DSU NOT USED
no ip address
no ip directed-broadcast
encapsulation ppp
no fair-queue
service module 56k clock source line
service module 56k network-type dds
!
interface Serial1
description connected to GA router via t1
bandwidth 1120
ip address 10.1.2.1 255.255.255.0
no ip directed-broadcast
encapsulation ppp
no fair-queue
service-module t1 timeslots 1-20
service-module t1 remote-alarm-enable
!
no ip classless
ip route 0.0.0.0 0.0.0.0 192.168.110.6
ip route 192.168.120.0 255.255.255.0 10.1.2.2
no ip http server
!
!
line con 0
exec timeout 0 0
password "xxx"
login
transport input none
line vty 0 4
password "xxx"
login
!
end
192.168.110.6 is another gateway on the LAN subnet that is connected to a sonicwall and then to the Internet.
11-16-2007 04:34 AM
Site B:
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname GA-router
!
enable password "xxxx"
ip subnet-zero
no ip domain-lookup
!
interface Ethernet0
description connected to GA_LAN
ip address 192.168.120.1 255.255.255.0
no ip directed-broadcast
!
interface Serial0
description 56k CSU/DSU NOT USED
no ip address
no ip address directed-broadcast
encapsulation ppp
shutdown
service module 56k clock source internal
service module 56k network-type dds
!
interface Serial1
description connected to NY via t1
ip address 10.1.2.2 255.255.255.0
no ip address directed-broadcast
bandwidth 1120
service-module t1 timeslots 1-20
service-module t1 remote-alarm-enable
!
no ip classless
ip route 0.0.0.0 0.0.0.0 192.168.120.2
ip route 0.0.0.0 0.0.0.0 192.168.110.1 2
ip route 192.168.110.0 255.255.255.0 10.1.2.1
ip route 192.168.110.0 255.255.255.0 192.168.120.2 2
!
line con 0
exec-timeout 0 0
password "xxx"
login
transport input none
line vty 0 4
password "xxx"
login
!
end
192.168.120.2 is connected to a sonicwall and out to the Internet. This serves as a backup VPN between the offices.
11-16-2007 04:39 AM
I do not see anything in this router config that would produce the symptoms that you describe. Can you post the config of the other router?
I do see a couple of things in this config that I would question - though I do not believe that they are related to the symptoms that you describe:
- interface Ethernet 0 is configured with no keepalive. Why is this? It is generally best practice to have keepalive on LAN interfaces.
- no ip classless is configured. This is a very old practice and in general we are better off to configure ip classless. Though with 1 static default route and 1 static network route it probably does not have much impact either way.
HTH
Rick
11-16-2007 04:47 AM
James
You posted the config of the second router while I was making my prior response. Thanks for posting the other config.
I do not see anything in the second config that would produce the symptom that you describe. And I went back and re-read the entire thread. I wonder about this statement in the original post:
"I can telnet into site B router and establish a telnet session to the Exchange server in site B."
When you telnet to site B and telnet to the Exchange server is that a normal telnet or a telnet on port 25?
HTH
Rick
11-16-2007 05:27 AM
Port 25.
I just changed the port on the Exchange server to port 30 and I can now connect to the Exchange server on port 30 from site A.
Port 25 is being blocked on site A's router somehow. I have no idea how that could happen.
11-16-2007 06:06 AM
Silly question that I presume you've already checked... though is there any chance you did a:
show startup
and not a:
show run
I suppose you could have a startup config that's not what you're actually running?
You could try a:
show access-lists
or
show interfaces
to see if there are indeed any active ACLs or ACLs applied to any interfaces.
11-16-2007 06:28 AM
I did a show run!! Good thought though.
But I will check the startup config and the access lists.
11-16-2007 06:32 AM
Here are the results from show access-lists and then show int:
NY_router#show access-lists
NY_router#show int
Ethernet0 is up, line protocol is up
Hardware is QUICC Ethernet, address is 00d0.bae0.29ec (bia 00d0.bae0.29ec)
Description: connected to NY_LAN
Internet address is 192.168.110.1/24
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 5232 drops; input queue 0/75, 0 drops
5 minute input rate 13000 bits/sec, 11 packets/sec
5 minute output rate 11000 bits/sec, 7 packets/sec
25357744 packets input, 3623322221 bytes, 8 no buffer
Received 17250795 broadcasts, 0 runts, 0 giants, 138875 throttles
3767 input errors, 1 CRC, 3766 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
9747530 packets output, 2071818853 bytes, 0 underruns
1098 output errors, 361077 collisions, 1 interface resets
0 babbles, 0 late collision, 129386 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Serial0 is down, line protocol is down
Hardware is QUICC Serial (with onboard CSU/DSU)
Description: 56k csu/dsu NOT USED
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
Keepalive set (10 sec)
LCP Closed
Closed: CDPCP
Last input never, output never, output hang never
Last clearing of "show interface" counters 8w2d
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=down DSR=down DTR=up RTS=up CTS=up
Serial1 is down, line protocol is down
Hardware is QUICC Serial (with FT1 CSU/DSU WIC)
Description: connected to GA router via t1
Internet address is 10.1.2.1/24
MTU 1500 bytes, BW 1120 Kbit, DLY 20000 usec,
reliability 202/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
Keepalive set (10 sec)
LCP Closed
Closed: IPCP, CDPCP
Last input 8w1d, output 8w1d, output hang never
Last clearing of "show interface" counters 8w2d
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
11752 packets input, 753596 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
7351 input errors, 27 CRC, 5803 frame, 0 overrun, 0 ignored, 1521 abort
7490 packets output, 104860 bytes, 0 underruns
0 output errors, 0 collisions, 683 interface resets
0 output buffer failures, 0 output buffers swapped out
3 carrier transitions
DCD=down DSR=up DTR=up RTS=up CTS=down
NY_router#
11-16-2007 11:45 AM
Here's another weird thing for you. On both routers, the serial1 interface shows that it is down. Yet I can get access to both sites and ping, etc.
This is what I am seeing: serial1 is down, line protocol is down.?????
User Access Verification
Password:
NY_router>en
Password:
NY_router#sh int s1
Serial1 is down, line protocol is down
Hardware is QUICC Serial (with FT1 CSU/DSU WIC)
Description: connected to GA router via t1
Internet address is 10.1.2.1/24
MTU 1500 bytes, BW 1120 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
Keepalive set (10 sec)
LCP Closed
Closed: IPCP, CDPCP
Last input never, output never, output hang never
Last clearing of "show interface" counters 00:06:53
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=down DSR=up DTR=up RTS=up CTS=down
11-16-2007 12:33 PM
James
I missed this clue in your earlier post. :(
I believe that it is quite helpful in understanding what the issue may be. The serial interface does show as down and that means that no data is flowing over the serial interface. Your earlier post indicates that there is a VPN connection which serves as a backup and I believe that data is flowing over that backup connection. There are several ways that you can verify this:
- do a show ip route on either or both routers and I believe that you will see that the route between the sites is over the backup.
- do a traceroute from NY to GA or from a host in NY to a host in GA. I believe that you will see that the responding interface is not the serial interface but is the VPN path.
This may also help explain the problem with port 25 in GA. If the data is passing through the sonicwall/VPN then there is a possibility that one of the sonicwalls is denying that traffic.
HTH
Rick
11-16-2007 12:38 PM
OK. I did a show ip route on the ny router and this is what I get:
Does that confirm your statement?
User Access Verification
Password:
NY_router>en
Password:
NY_router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 192.168.110.6 to network 0.0.0.0
C 192.168.110.0/24 is directly connected, Ethernet0
S* 0.0.0.0/0 [1/0] via 192.168.110.6
NY_router#
11-16-2007 12:40 PM
This is from the GA router:
User Access Verification
Password:
GA_router>en
Password:
GA_router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is 192.168.120.2 to network 0.0.0.0
S 192.168.110.0/24 [2/0] via 192.168.120.2
C 192.168.120.0/24 is directly connected, Ethernet0
S* 0.0.0.0/0 [1/0] via 192.168.120.2
GA_router#
11-16-2007 12:49 PM
James
Yes this is exactly the confirmation that I thought we would get. Notice here that the route to 192.168.110.0/24 has 192.168.120.2 as its next hop. That is the sonicwall/VPN and not the serial link.
So the traffic is definitely flowing through the VPN and not over the serial.
And I think that makes the sonicwall the primary suspect in what is the problem with port 25.
If you find the problem with the serial link and fix it I suspect that the port 25 problem will go away.
HTH
Rick