Router debug
in [Cisco]
|
From: terrydoc on 23 Jun 2008 07:06 Users cannot connect to the applications but can PING the app servers (10.10.10.130/134/135) - these are NATted - users see them as 192.168.0.42/37/35. Any suggestions on what the router debug output is saying? 3725_Backup# *Mar 1 00:11:12: %ISDN-6-CONNECT: Interface BRI1/0:1 is now connected to xxxxxxx 3725_Backup# show ip nat trans Pro Inside global Inside local Outside local Outside global --- 10.10.10.130 192.168.0.42 --- --- --- 10.10.10.134 192.168.0.37 --- --- --- 10.10.10.135 192.168.0.35 --- --- 3725_Backup# ********************************************************************************** w client logon attempt 3725_Backup# debug ip packet detail 17:42:35: IP: s=10.10.10.130 (Dialer4), d=10.10.10.135, len 48, rcvd 2 17:42:35: TCP src=2739, dst=3200, seq=3212891754, ack=0, win=32768 SYN 17:42:35: IP: s=10.10.10.135 (local), d=10.10.10.130 (Dialer4), len 40, sending 17:42:35: TCP src=3200, dst=2739, seq=0, ack=3212891755, win=0 ACK RST 17:42:35: IP: s=10.10.10.130 (Dialer4), d=10.10.10.135, len 48, rcvd 2 17:42:35: TCP src=2739, dst=3200, seq=3212891754, ack=0, win=32768 SYN 17:42:35: IP: s=10.10.10.135 (local), d=10.10.10.130 (Dialer4), len 40, sending 17:42:35: TCP src=3200, dst=2739, seq=0, ack=3212891755, win=0 ACK RST 17:42:36: IP: s=10.10.10.130 (Dialer4), d=10.10.10.135, len 48, rcvd 2 17:42:36: TCP src=2739, dst=3200, seq=3212891754, ack=0, win=32768 SYN 17:42:36: IP: s=10.10.10.135 (local), d=10.10.10.130 (Dialer4), len 40, sending 17:42:36: TCP src=3200, dst=2739, seq=0, ack=3212891755, win=0 ACK RST
From: Thrill5 on 24 Jun 2008 01:18 It's showing that the source IP 10.10.10.130 is attempting to connect to 10.10.10.135 on port 3200 (The SYN packet). The server then responds with a RST packet, which indicates that no application is listening on port 3200. The source and destination are all inside networks (all on the 10.10.10.x network), so no NATing is being done <terrydoc(a)o2.ie> wrote in message news:a4e0e42a-3314-4837-836c-fce4053830ec(a)p25g2000hsf.googlegroups.com... > Users cannot connect to the applications but can PING the app servers > (10.10.10.130/134/135) - these are NATted - users see them as > 192.168.0.42/37/35. Any suggestions on what the router debug output is > saying? > > 3725_Backup# > *Mar 1 00:11:12: %ISDN-6-CONNECT: Interface BRI1/0:1 is now connected > to xxxxxxx > 3725_Backup# show ip nat trans > Pro Inside global Inside local Outside local Outside > global > --- 10.10.10.130 192.168.0.42 --- --- > --- 10.10.10.134 192.168.0.37 --- --- > --- 10.10.10.135 192.168.0.35 --- --- > > 3725_Backup# > ********************************************************************************** > w client logon attempt > > 3725_Backup# debug ip packet detail > 17:42:35: IP: s=10.10.10.130 (Dialer4), d=10.10.10.135, len 48, rcvd 2 > 17:42:35: TCP src=2739, dst=3200, seq=3212891754, ack=0, win=32768 > SYN > > 17:42:35: IP: s=10.10.10.135 (local), d=10.10.10.130 (Dialer4), len > 40, sending > 17:42:35: TCP src=3200, dst=2739, seq=0, ack=3212891755, win=0 ACK > RST > > 17:42:35: IP: s=10.10.10.130 (Dialer4), d=10.10.10.135, len 48, rcvd 2 > 17:42:35: TCP src=2739, dst=3200, seq=3212891754, ack=0, win=32768 > SYN > > 17:42:35: IP: s=10.10.10.135 (local), d=10.10.10.130 (Dialer4), len > 40, sending > 17:42:35: TCP src=3200, dst=2739, seq=0, ack=3212891755, win=0 ACK > RST > > 17:42:36: IP: s=10.10.10.130 (Dialer4), d=10.10.10.135, len 48, rcvd 2 > 17:42:36: TCP src=2739, dst=3200, seq=3212891754, ack=0, win=32768 > SYN > > 17:42:36: IP: s=10.10.10.135 (local), d=10.10.10.130 (Dialer4), len > 40, sending > 17:42:36: TCP src=3200, dst=2739, seq=0, ack=3212891755, win=0 ACK > RST
From: terrydoc on 24 Jun 2008 04:07 Thanks for the reply, I'm sorry as in my original post I had changed some of the IP addresses and it appeared that the source and destination are all in the same network - this is not the case - see the correct debug output here. I know the client (10.0.18.35) can ping the NATted addresses (10.0.0.130/134/135) - so NATting is working ok. But when the client tries to access the application I get... 3725_Backup# 17:42:35: IP: s=10.0.18.35 (Dialer4), d=10.0.0.135, len 48, rcvd 2 17:42:35: TCP src=2739, dst=3200, seq=3212891754, ack=0, win=32768 SYN 17:42:35: IP: s=10.0.0.135 (local), d=10.0.18.35 (Dialer4), len 40, sending 17:42:35: TCP src=3200, dst=2739, seq=0, ack=3212891755, win=0 ACK RST 17:42:35: IP: s=10.0.18.35 (Dialer4), d=10.0.0.135, len 48, rcvd 2 17:42:35: TCP src=2739, dst=3200, seq=3212891754, ack=0, win=32768 SYN 17:42:35: IP: s=10.0.0.135 (local), d=10.0.18.35 (Dialer4), len 40, sending 17:42:35: TCP src=3200, dst=2739, seq=0, ack=3212891755, win=0 ACK RST *************************************************************************************** Is it still the case that the app isn't listening on port 3200? On Jun 24, 6:18 am, "Thrill5" <nos...(a)somewhere.com> wrote: > It's showing that the source IP 10.10.10.130 is attempting to connect to > 10.10.10.135 on port 3200 (The SYN packet). The server then responds with a > RST packet, which indicates that no application is listening on port 3200. > The source and destination are all inside networks (all on the 10.10.10.x > network), so no NATing is being done > > <terry...(a)o2.ie> wrote in message > > news:a4e0e42a-3314-4837-836c-fce4053830ec(a)p25g2000hsf.googlegroups.com... > > > Users cannot connect to the applications but can PING the app servers > > (10.10.10.130/134/135) - these are NATted - users see them as > > 192.168.0.42/37/35. Any suggestions on what the router debug output is > > saying? >
From: terrydoc on 24 Jun 2008 14:58 On Jun 24, 9:07 am, "terry...(a)o2.ie" <terry...(a)o2.ie> wrote: > Thanks for the reply, I'm sorry as in my original post I had changed > some of the IP addresses and it appeared that the source and > destination are all in the same network - this is not the case - see > the correct debug output here. I know the client (10.0.18.35) can ping > the NATted addresses (10.0.0.130/134/135) - so NATting is working ok. > But when the client tries to access the application I get... > 3725_Backup# > 17:42:35: IP: s=10.0.18.35 (Dialer4), d=10.0.0.135, len 48, rcvd 2 > 17:42:35: TCP src=2739, dst=3200, seq=3212891754, ack=0, win=32768 > SYN > > 17:42:35: IP: s=10.0.0.135 (local), d=10.0.18.35 (Dialer4), len 40, > sending > 17:42:35: TCP src=3200, dst=2739, seq=0, ack=3212891755, win=0 ACK > RST > > 17:42:35: IP: s=10.0.18.35 (Dialer4), d=10.0.0.135, len 48, rcvd 2 > 17:42:35: TCP src=2739, dst=3200, seq=3212891754, ack=0, win=32768 > SYN > > 17:42:35: IP: s=10.0.0.135 (local), d=10.0.18.35 (Dialer4), len 40, > sending > 17:42:35: TCP src=3200, dst=2739, seq=0, ack=3212891755, win=0 ACK > RST > *************************************************************************************** > Is it still the case that the app isn't listening on port 3200? > > On Jun 24, 6:18 am, "Thrill5" <nos...(a)somewhere.com> wrote: > > > It's showing that the source IP 10.10.10.130 is attempting to connect to > > 10.10.10.135 on port 3200 (The SYN packet). The server then responds with a > > RST packet, which indicates that no application is listening on port 3200. > > The source and destination are all inside networks (all on the 10.10.10.x > > network), so no NATing is being done > > > <terry...(a)o2.ie> wrote in message > > >news:a4e0e42a-3314-4837-836c-fce4053830ec(a)p25g2000hsf.googlegroups.com... > > > > Users cannot connect to the applications but can PING the app servers > > > (10.10.10.130/134/135) - these are NATted - users see them as > > > 192.168.0.42/37/35. Any suggestions on what the router debug output is > > > saying? OK it is sorted... I had the Dialer interface on the router set up without "ip nat outside". It is unusual though, as once the router has the static NATs configured the router responds to the remote PING requests even if the 3 server are plugged out of the network...
|
Pages: 1 Prev: Broadband Cisco core Network Next: LAN-to-LAN and nat within |