Velocity Reviews


professorguy 12-12-2006 09:33 PM

What stops the handshake
 
I want to establish a socket connection to a remote machine. I have this simple ACL:

SITE A
------
access-list acl_inside permit ip host 10.1.1.1 host 20.2.2.2
access-group acl_inside in interface inside

At remote SITE B, they have no access-list applied to the inside interface, so all traffic should be allowed back out.

I can ping the remote machine, so the basic connectivity is there, but I cannot establish a TCP session, so I don't seem to be receiving the SYN-ACK from them. What could stop it?

Just to make it a bit more interesting, there's a VPN tunnel between the sites, but it seems to be up and running fine (and the ping works across it). Since both sides do a sysopt connection permit-ipsec, the outside interface ACLs are not consulted here.

Any ideas would be useful. TIA.

professorguy 12-20-2006 11:01 PM

What stopped it.
 
Because the static NAT being done on the remote end was incorrect, I asked for one machine (the intended mapped address) but got a different one (the actual mapped address). That one had no listener bound to the port I was telnetting to.

Ethereal quickly revealed that I was getting RST/ACKs, which of course are TCP refusals. Once the addressing was fixed, the correct machine answered with SYN/ACKs as normal.
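
The distinction this thread turns on (an RST/ACK refusal versus no reply at all) can be checked from the client side without a capture. The following is an added example, not part of the original posts: `probe`, `HINTS` and `local_demo` are hypothetical names, and the loopback sockets are constructed so the script runs offline.

```python
import errno
import socket

# What each outcome says about where the handshake stopped.
HINTS = {
    "open": "SYN/ACK received; handshake completed",
    "refused": "RST came back: path works, but the answering host has no "
               "listener on that port (check NAT mapping and the service)",
    "no-reply": "nothing came back: SYN or SYN/ACK dropped on the path "
                "(check ACLs, firewalls, return routing)",
    "unreachable": "no route, or an ICMP unreachable was returned",
}

def probe(host, port, timeout=3.0):
    """Attempt one TCP handshake and classify how it ended."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "no-reply"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise

def local_demo():
    """Constructed loopback check: one listening port, one bound but not listening."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))  # reserved, no listen(): SYNs get an RST
    try:
        return (probe("127.0.0.1", listener.getsockname()[1]),
                probe("127.0.0.1", idle.getsockname()[1]))
    finally:
        listener.close()
        idle.close()

if __name__ == "__main__":
    for outcome in local_demo():
        print(outcome, "-", HINTS[outcome])
```

A "refused" result does not say which machine sent the RST; a packet capture or the NAT table on the far end is what confirms that.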


All times are GMT.
