1721 resetting port 80 tcp connections - troubleshooting

Discussion in 'Cisco' started by Boris, Apr 2, 2004.

  1. Boris

    Boris Guest

    I have a 1721 with ios 12.3(7)T (image c1700-k9o3sy7-mz.123-7.T.bin)
    which works wonderfully well... for awhile. With no warning, outward
    signs or periodicity it suddenly starts sending tcp resets to clients
    attempting to connect to port 80 from the outside.

    This router is configured to do a lot of things and all other
    functionality tests out fine while it is killing port 80 connections.
    Amongst the many other things it is doing successfully: port-mapping
    tftp traffic, port-mapping smtp traffic, port-mapping sntp traffic,
    port-mapping syslog traffic, site-to-site vpn tunnel with an 827 over
    an adsl connection, vpn client connections, acl's, split vpn tuneling,
    etc.

    I've exhausted all the troubleshooting tricks I know. Basically:

    o "sh access-lists" shows that the incoming client connection requests
    for port 80 are permitted by the acl on the d0 interface.

    o Port mapping to the web server is configured in the customary
    manner:
    ip nat inside source static tcp 10.0.0.5 80 interface dialer0 80 !www

    o cbac is being used, but NOT for port 80 traffic:
    ! following rem'd - reported problems with java - rely on tcp
    inspection
    ! ip inspect name my-out-rules http alert on timeout 3600

    o Logs files on the destination web server show no http requests or
    other evidence of the connection attempt.

    o Running snort on the same network as the web server shows no http
    requests or other evidence of the connection attempt.

    o The only debugging output I've examined is "debug ip packets detail"
    which yields:
    Mar 30 10:52:25: IP: s=111.111.111.111 (Dialer0), d=222.222.222.222
    (Dialer0), len 48, rcvd 3
    Mar 30 10:52:25: TCP src=3575, dst=80, seq=2003803651, ack=0,
    win=16384 SYN
    Mar 30 10:52:25: IP: s=222.222.222.222 (local), d=111.111.111.111
    (Dialer0), len 40, sending
    Mar 30 10:52:25: TCP src=80, dst=3575, seq=0, ack=2003803652, win=0
    ACK RST


    Is this possibly a hardware problem? An ios bug perhaps? Could cbac be
    the culprit? Can anyone offer some suggestions?
     
    Boris, Apr 2, 2004
    #1
    1. Advertisements

  2. Boris

    Rik Bain Guest

    Do you have ip audit configured by chance?

    Rik Bain
     
    Rik Bain, Apr 2, 2004
    #2
    1. Advertisements

  3. Boris

    Boris Guest

    Thanks for the suggestion, Rik.

    I checked the ip audit stats (and the cbac stats as well) and found
    nothing unusual.

    After downgrading to limited deployment IOS 12.2(7r)XM1, RELEASE
    SOFTWARE (fc1) c1700-k9o3sy7-mz.123-6.bin, the router has been up for
    the past 72 hours with no signs of the problem. Seems it's another ios
    bug <sigh>...
     
    Boris, Apr 6, 2004
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.