Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Cisco (http://www.velocityreviews.com/forums/f27-cisco.html)
-   -   What stops the handshake (http://www.velocityreviews.com/forums/t377172-what-stops-the-handshake.html)

professorguy 12-12-2006 09:33 PM

What stops the handshake
 
I want to establish a socket connection to a remote machine. I have this simple ACL:

SITE A
------
access-list acl_inside permit ip host 10.1.1.1 host 20.2.2.2
access-group acl_inside in interface inside

At remote SITE B, they have no access-list applied to the inside interface, so all traffic should be allowed back out.

I can ping the remote machine so the basic connectivity is there, but I cannot establish a tcp session so I don't seem to be receiving the SYN-ACK from them. What could stop it?

Just to make it a bit more interesting, there's a vpn tunnel between the sites, but it seems to be up and running fine (and the ping works across it). Since both sides do a sysopt connection permit-ipsec, the outside interface ACLs are not consulted here.

Any ideas would be useful. TIA.

professorguy 12-20-2006 11:01 PM

What stopped it.
 
Because the static NAT being done on the remote end was incorrect, I asked for one machine (the intended mapped address) but got a different one (the actual mapped address). That one had no listener bound to the port I was telnetting to.

Ethereal quickly revealed that I was getting RST/ACKs which of course are tcp refusals. Once the addressing was fixed, the correct machine answered with SYN/ACKs as normal.


All times are GMT. The time now is 03:19 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.