I am facing an issue with 1521 port

sankar.ramoju · ‎07-06-2017

Hi Guys,

We have a VPN tunnel between my ASA firewall to the client location. The tunnel is up and fine, we are able to ping and traceroute their end ips. but we are unable to telnet 1521 port to their end ip. but with same ip I am able to telnet 3389,139,1433 ports.

in my logs

Teardown TCP connection 2267574309 for External:10.202.16.54/1521 to internal:10.210.23.152/53480 duration 0:00:30 bytes 0 SYN Timeout

Build outbound TCP connection 2267574309 for External:10.202.16.54/1521 (10.202.16.54/1521) to internal:10.210.23.152/53480 (192.168.200.152/53480)

I took support from CISCO TAC team, they are saying the issue with remote end firewall.

Can anyone help me, to resolve this issue.

Thanks in advance

Karsten Iwen · ‎07-06-2017

"SYN Timeout" means that nothing comes back after the first packet of the TCP 3-Way handshake. Am I right that this log is from the firewall where the PC initiating the connection is located? Then you have to troubleshoot it on the other side. Can you capture traffic on the remote firewall? Look if the traffic is sent to the destination and if something is coming back. You say that you can successfully ping the devices and use other ports. With that it's likely that an internal device on the other side is filtering the traffic.

sankar.ramoju · ‎07-06-2017

Hi Karsten,

Thanks for the response.

We are able to telnet 3389, 139, 1433 ports, but with 1521port only we are getting syn timeout.

My client said, they didn't put any port restriction at their end.they have allowed all ports. 20days back we are able to access that port but From last 20days only we are not able to telnet that port.

And one more thing, from their server to my server we are able to ping and traceroute only. We are unable to telnet even a single port.

Please show me the path to sortout this issue.

Thanks in advance.