What stops the handshake
I want to establish a socket connection to a remote machine. I have this simple ACL:
access-list acl_inside permit ip host 10.1.1.1 host 126.96.36.199
access-group acl_inside in interface inside
At remote SITE B, they have no access-list applied to the inside interface, so all traffic should be allowed back out.
I can ping the remote machine so the basic connectivity is there, but I cannot establish a tcp session so I don't seem to be receiving the SYN-ACK from them. What could stop it?
Just to make it a bit more interesting, there's a vpn tunnel between the sites, but it seems to be up and running fine (and the ping works across it). Since both sides do a sysopt connection permit-ipsec, the outside interface ACLs are not consulted here.
Any ideas would be useful. TIA.
What stopped it.
Because the static NAT being done on the remote end was incorrect, I asked for one machine (the intended mapped address) but got a different one (the actual mapped address). That one had no listener bound to the port I was telnetting to.
Ethereal quickly revealed that I was getting RST/ACKs which of course are tcp refusals. Once the addressing was fixed, the correct machine answered with SYN/ACKs as normal.
|All times are GMT. The time now is 03:19 AM.|
Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.