Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Network traffic problem ---- packet loss

Reply
Thread Tools

Network traffic problem ---- packet loss

 
 
bensonlei@yahoo.com.hk
Guest
Posts: n/a
 
      10-12-2005
Hi,
I have setup a complicated network as the following:

(SiteA)PIX506E ---> (SiteB)[PIX515E + Router1 ] ----> SiteC[Router2 +
LAN ]


1. SiteA + SiteB = VPN Tunnel
2. SiteB + SiteC = Routable Traffic
3. Traceroute and ping are working properly between tree sites.
4. domain name can be resolved between sites

I found that some packets lost ( from SiteA --> SiteC ), and the packet
can not be retransmitted;
But the packet can be retransmitted between SitA --> SiteB;


The packet captured as the following :


1. Packet can not be retransmitted ( SiteA -> SiteC ):

Source Destination Protocol information
172.27.29.80 172.28.0.99 SSLv2 Client Hello
172.28.0.99 172.27.29.80 SSL [TCP Previous segment lost]
Continuation Data

172.27.29.80 172.28.0.99 TCP [TCP Dup ACK 178#1] 2161 > https
[ACK] Seq=79 Ack=1 Win=65535 Len=0 SLE=1381 SRE=2223

172.28.0.99 172.27.29.80 TCP https > 2161 [RST, ACK] Seq=2223
Ack=79 Win=0 Len=0





2. Packet can be retransmitted ( SiteA -> SiteB ):

172.27.29.80 172.27.1.13 SSLv2 Client Hello
172.27.1.13 172.27.29.80 SSLv3 [TCP Previous segment lost]
Continuation Data, [Unreassembled Packet]

172.27.29.80 172.27.1.13 TCP [TCP Dup ACK 215#1] 2223 > https
[ACK] Seq=79 Ack=1 Win=65535 Len=0 SLE=1381 SRE=1548

172.27.1.13 172.27.29.80 SSLv3 [TCP Retransmission] Server
Hello, Certificate[Unreassembled Packet]

172.27.29.80 172.27.1.13 TCP 2223 > https [ACK] Seq=79
Ack=1255 Win=64281 Len=0 SLE=1381 SRE=1548

172.27.1.13 172.27.29.80 SSLv3 [TCP Retransmission]
Continuation Data, [Unreassembled Packet]

172.27.29.80 172.27.1.13 SSLv3 Client Key Exchange, Change
Cipher Spec, Encrypted Handshake Message

172.27.1.13 172.27.29.80 SSLv3 Change Cipher Spec, Encrypted
Handshake Message


Anybody has idea what the problem happened to the network ?
1. the Router blocks the packet transmission
2. The firewall blocks the packet transmission
3. the vpn tunnel blocks the packet transmission
4. the MTU value between firewalls ?
5. The VPN configuration has problem ?
6. others

Thank you so much for your input.
Benson

 
Reply With Quote
 
 
 
 
Craig
Guest
Posts: n/a
 
      10-31-2005
Hi Benson,

funny you should mention this. I've also just started seeing a similar
problem. Though from internet clients to an SSL webserver.
Again it's also via a PIX.

Odly enough, it only happens with SSLv3 and TLS. SSLv2 seems to work
just fine.

Also oddly enough, it's happening for just one site on the server and
not any of the others.

My server is however NT4 with IIS.
Have you gottent a response from anyone?

Thanks
Craig

http://www.velocityreviews.com/forums/(E-Mail Removed) wrote:
> Hi,
> I have setup a complicated network as the following:
>
> (SiteA)PIX506E ---> (SiteB)[PIX515E + Router1 ] ----> SiteC[Router2 +
> LAN ]
>
>
> 1. SiteA + SiteB = VPN Tunnel
> 2. SiteB + SiteC = Routable Traffic
> 3. Traceroute and ping are working properly between tree sites.
> 4. domain name can be resolved between sites
>
> I found that some packets lost ( from SiteA --> SiteC ), and the packet
> can not be retransmitted;
> But the packet can be retransmitted between SitA --> SiteB;


[snip snip]

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Packet loss problem - PPTP VPN nibauramos Cisco 0 07-27-2010 12:37 AM
Weird BGP problem and packet loss Zed Cisco 0 02-18-2008 01:49 PM
1841 Packet loss Scott Cisco 5 03-30-2005 04:44 PM
804 Packet loss during dialer idle timeout process? Loren Amelang Cisco 3 02-07-2005 10:59 PM
wireless connection and packet loss problem Mike S Wireless Networking 0 09-18-2004 08:54 PM



Advertisments