app not working on some workstations over VPN

jonl711 · ‎05-22-2004

First let me say I'm a newbie, so I may not have all the Cisco lingo down.

Our setup is as follows:

Mysql server sits behind firewall which is connected to a 2621 Router with VPN functions. This LAN (A)connects to another LAN (B)with a 837 router to a SMC switch where the user (3) are in a P2P network. LAN-B accesses the mysql database via a VB frontend client on Windows 9x/2000. Of the 3 clients only 1 works (W98) the other 2 W98 and W2K does not although all settings are identical.

Did a traffic capture on each workstation using ethereal and both the firewall gateway server and mysql server. What we've seen on the W98 wkstn is it sends a ACK on a sequence that was never sent and on the W2K wkstn it send a RST. We cannot figure out why this is happening. Does anyone have any ideal what is happening or is there something else we can do to look into it further?

Appreciate any help on this one.

ehirsel · ‎05-24-2004

It sounds like asymetrical routing could be the issue, such as the firewall seeing a packet before it is supposed to. However to be sure, I want to make sure that I understand your topology correctly.

What I understand is that your users are connected off of the SMC swich along with an 837 router link. This is lan B. How does lan B connect to lan A. Is there another link off of the 837 router to another switch? Or does the 837 have a built-in switch that the 2621 router connects to?

Other than static routes, are there any routing protocols defined and active on your network?

What about NAT/PAT? Do any of the firewall, the 837, or the 2621 devices use it? If so, is it used on more than one device?

From what I could tell, the mysql server uses the firewall as the default gateway, the firewall uses the 2621 router as the default gateway, the users in lan B have the 837 as the default gateway. Also, all P2P users are on the same ip subnet. Is that correct?