Occasional problems in sending TCP/5000 traffic over IPSec tunnel

baskervi
Level 1

I've been battling an intermittent LAN-to-LAN VPN problem between two PIX 525s. A financial system at one location uses TCP/5000 for communications. Traffic usually flows from the remote network over the VPN tunnel to the financial system just fine. On occasion, seemingly all traffic EXCEPT to TCP/5000 appears to flow fine across the tunnel. The financial system may have this port inaccessible for a few hours to a few days, and it eventually starts working again for some unknown reason. When I do a port scan across the tunnel to the financial system, all ports except TCP/5000 show up. This port is also used for UPnP, but I don't see a relationship given that the packets are destined for a specific host.

Thanks for any ideas.

5 Replies

umedryk
Level 5

I can think of one issue that could be causing the problem. Is there a redundant path between the two end points of the tunnel? If this is the case, it would not have been properly configured for the tunnel for the return traffic when the primary link is down. My two cents...

One thing I didn't add to the initial post is that I turned on a sniffer at the remote end, and the packets destined for TCP/5000 don't make it to the destination. But again, all other traffic does. I haven't put a sniffer just inside the PIX internal interface on the source end, which is probably a good thing to try next. Thanks for the response.

When you mentioned that all other traffic does work, do you mean to the same server as well, or the rest of the LAN?

If all traffic does work to the same server except TCP/5000, I'm just wondering whether a local user can get to it or not. Maybe the service is not running on the server.

Yes, only TCP/5000 stops working. All other sites (locally and remotely) can reach this port, with the exception of this one site.

You may use the "capture" command to further understand how the traffic is being sent and received. All you need to do is create an ACL (i.e. for TCP 5000) and apply it to an interface.
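As an added illustration of the capture approach suggested in the last reply (this is not configuration from the thread, and the capture names, ACL names and addresses are assumed for the example), the following PIX 6.x commands narrow the capture to the one port that disappears and place it on both sides of the tunnel, so you can tell whether the TCP/5000 SYN is never reaching the remote PIX, is reaching it but never being encrypted, or is being decrypted at the far end but not delivered to the server:

```cisco
! Added example, not part of the original thread.
! Assumed addresses:
!   financial server   192.0.2.10        (inside the financial-site PIX)
!   remote client LAN  198.51.100.0/24   (inside the remote-site PIX)

! --- Remote-site PIX (clients live here) ---
! Match TCP/5000 to the server and its replies, nothing else.
access-list cap5000 permit tcp 198.51.100.0 255.255.255.0 host 192.0.2.10 eq 5000
access-list cap5000 permit tcp host 192.0.2.10 eq 5000 198.51.100.0 255.255.255.0
! Does the SYN reach the inside interface at all?
capture capin access-list cap5000 interface inside
! Once encrypted, the outside interface only shows ESP, so match on that.
access-list capesp permit esp any any
capture capout access-list capesp interface outside

! --- Financial-site PIX (server lives here) ---
access-list cap5000 permit tcp 198.51.100.0 255.255.255.0 host 192.0.2.10 eq 5000
access-list cap5000 permit tcp host 192.0.2.10 eq 5000 198.51.100.0 255.255.255.0
! Decrypted traffic should show up here on its way to the server.
capture capin access-list cap5000 interface inside

! Reproduce the failure from a remote client, then inspect each box:
show capture capin
show capture capout
show crypto ipsec sa

! Remove the captures when finished.
no capture capin
no capture capout
```

Read the results as a chain: a SYN in the remote inside capture with no matching ESP on its outside interface points at the remote PIX not encrypting that flow (compare the crypto ACL and the `show crypto ipsec sa` encrypt counters); ESP leaving the remote side but nothing in the financial-site inside capture points at the far PIX dropping it after decryption; a SYN in the financial-site inside capture with no SYN/ACK back means the server itself is not answering on 5000 at that moment. The `show capture` output can be cleared between test runs with `clear capture capin` so each attempt is easy to correlate.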