Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Trouble establishing TCP session across router

Status
Not open for further replies.
dozier

dozier

MIS
Apr 17, 2001
88
US
Greetings and thanks for looking.

I'm using a Cisco 2801 running IOS 12.4. I have an application attempting to establish a TCP session across this router and what I see is the following (running a debbug on said router):

Client sends SYN.
Server recieves SYN and responds with SYN ACK.
*Router* responds to Server with RST.

Here is the debug I'm referring to:

Code: 
14:25:23.744: IP: tableid=0, s=172.16.100.83 (FastEthernet0/0), d=172.16.250.121 (Serial0/2/0.402), routed via RIB
14:25:23.744: IP: s=172.16.100.83 (FastEthernet0/0), d=172.16.250.121 (Serial0/2/0.402), g=172.16.24.77, len 48, forward
14:25:23.748:     TCP src=49170, dst=7003, seq=3007427180, ack=0, win=32768 SYN

14:25:23.788: IP: tableid=0, s=172.16.250.121 (Serial0/2/0.402), d=172.16.100.83 (FastEthernet0/0), routed via RIB
14:25:23.788: IP: s=10.98.65.6 (Serial0/2/0.402), d=10.98.65.135, len 44, rcvd 6
14:25:23.788:     TCP src=7003, dst=49170, seq=1927556149, ack=3007427181, win=8192 ACK SYN

14:25:23.792: tcp0: I LISTEN 10.98.65.6:7003 10.98.65.135:49170 seq 1927556149
        OPTS 4 ACK 3007427181 SYN  WIN 8192
14:25:23.792: TCP: input 10.98.65.6(7003) -> 49170: ACK while in LISTEN
14:25:23.792: TCP: sending RST, seq 3007427181, ack 0
14:25:23.792: TCP: sent RST to 10.98.65.6:7003 from 10.98.65.135:49170

14:25:23.792: IP: tableid=0, s=172.16.100.83 (local), d=172.16.250.121 (Serial0/2/0.402), routed via RIB
14:25:23.792: IP: s=172.16.100.83 (local), d=172.16.250.121 (Serial0/2/0.402), len 40, sending
14:25:23.792:     TCP src=49170, dst=7003, seq=3007427181, ack=0, win=0 RST

The reason I say the router is sending the RST is because on the third packet in the debug the source is "local" instead of an interface. Plus, the TCP debug explicity says "sending RST".

Both inside and outside addresses are being NAT'ed. Here is the rest of the config:

Code: 
interface FastEthernet0/0
 description Customer LAN
 ip address 10.98.65.6 255.255.255.0
 ip nat outside
 no ip route-cache
 ip tcp adjust-mss 1300
 duplex auto
 speed auto
 no cdp enable
!
interface Serial0/2/0
 bandwidth 128
 no ip address
 encapsulation frame-relay IETF
 no ip route-cache
 no fair-queue
 service-module t1 timeslots 1-2
!
interface Serial0/2/0.402 point-to-point
 bandwidth 128
 ip address 172.16.24.78 255.255.255.252
 ip nat inside
 no ip route-cache
 ip ospf message-digest-key 1 md5 7 *****
 ip ospf hello-interval 5
 ip ospf dead-interval 15
 frame-relay class pvc5632ka
 frame-relay interface-dlci 402 IETF   
 frame-relay payload-compression FRF9 stac
!
interface Serial0/2/0.502 point-to-point
 bandwidth 128
 ip address 172.19.24.78 255.255.255.252
 ip nat outside
 no ip route-cache
 ip ospf message-digest-key 1 md5 7 *****
 ip ospf hello-interval 5
 ip ospf dead-interval 15
 frame-relay class pvc5632ka
 frame-relay interface-dlci 502 IETF   
 frame-relay payload-compression FRF9 stac
!
router ospf 1
 router-id 172.16.64.117
 log-adjacency-changes
 area 3 authentication message-digest
 redistribute static subnets route-map ospf-redis
 network 172.16.23.0 0.0.0.255 area 3
 network 172.16.24.0 0.0.0.255 area 3
 network 172.16.64.117 0.0.0.0 area 3
 network 172.16.100.0 0.0.3.255 area 3
 network 172.16.104.0 0.0.0.255 area 3
 network 172.16.238.0 0.0.1.255 area 3
 network 172.16.240.0 0.0.1.255 area 3
 network 172.16.242.0 0.0.1.255 area 3
 network 172.19.24.0 0.0.0.255 area 3
 distribute-list 10 in Serial0/2/0.402
 distribute-list 10 in Serial0/2/0.502
!
ip classless
ip route 172.16.100.83 255.255.255.255 FastEthernet0/0
ip route 172.16.104.2 255.255.255.255 FastEthernet0/0
!
no ip http server
ip nat inside source list 110 interface FastEthernet0/0 overload
ip nat inside source static tcp 172.16.250.121 6003 interface FastEthernet0/0 6003
ip nat inside source static tcp 172.16.250.121 7003 interface FastEthernet0/0 7003
ip nat outside source static 10.98.65.8 172.16.104.2
ip nat outside source static 10.98.65.135 172.16.100.83
!
access-list 10 permit 0.0.0.0
access-list 110 permit ip 172.16.250.0 0.0.0.127 any
access-list 111 permit ip 172.16.100.0 0.0.3.255 any
access-list 111 permit ip 172.16.104.0 0.0.0.255 any
route-map ospf-redis permit 10
 match ip address 111

Any insight would be appreciated!

 
Sort by date Sort by votes
Hi dozier,

Did you check connectivity?
Is NAT working fine? Did you issued 'deb ip nat det' and 'show ip nat trans'?
 
Upvote 0 Downvote
Thanks for responding. I figured out what my problem was. Issue with my NAT statements.

Thanks.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

steel_bender
  • Locked
  • Question
Allow HTTPS TCP Traffic through ASA5525
Replies
1
Views
109
Mogles49
Mogles49
MoJHK
  • Locked
  • Question
Metro Ethernet trouble shootin
Replies
0
Views
70
MoJHK
MoJHK
Tariq Habaybeh
  • Locked
  • Question
Cisco 881WD-E-K9 router configuration
Replies
1
Views
98
burtsbees
burtsbees
Zia khan
  • Locked
  • Question
Cisco: 2811 Router
Replies
1
Views
82
CASSBusinessSystems
CASSBusinessSystems
kjhg
  • Locked
  • Question
2811 ROUTER
Replies
3
Views
130
iggsterman
iggsterman

Part and Inventory Search

Sponsor

Back
Top