Telnet over Site to Site IPsec
I'm trying to troubleshoot a configuration that I inherited and I'm not
sure where to start.
We have a retail client with three stores each with a PIX 501 connected
via site to site IPsec tunnels to an ASA 5520 at a central location.
Workstations at each store telnet to a Linux server at the central
location.
For the past couple of weeks, the telnet connections at the store have
been intermittently disconnecting. It seems to be happening maybe 3-4
times a day overall.
I don't see any errors on the firewalls logs or interfaces or on the
network interface of the Linux server.
Any ideas on how I should troubleshoot this issue?
Thanks in advance!
-- Vince
Vince
10/27/2007 12:41:18 AM

Do you have some configs we can see?
"Vince Kimball" <vince@vkimball.com> wrote in message
news:MPG.218c53102bd3ef90989680@newsgroups.comcast.net...
> I'm trying to troubleshoot a configuration that I inherited and I'm not
> sure where to start.
>
> We have a retail client with three stores each with a PIX 501 connected
> via site to site IPsec tunnels to an ASA 5520 at a central location.
> Workstations at each store telnet to a Linux server at the central
> location.
>
> For the past couple of weeks, the telnet connections at the store have
> been intermittently disconnecting. It seems to be happening maybe 3-4
> times a day overall.
>
> I don't see any errors on the firewalls logs or interfaces or on the
> network interface of the Linux server.
>
> Any ideas on how I should troubleshoot this issue?
>
> Thanks in advance!
> -- Vince
none
10/27/2007 4:14:59 AM

When the connection from Linux disconnects, does IPsec also disconnect
from the peer?
CK
10/28/2007 8:13:33 AM

How many workstations at each store?
The PIX 501 by default only has a 10 user license so it will not support
more than 10 sessions.
Merv
10/28/2007 10:52:53 AM

In article <1193559213.830128.10800@50g2000hsm.googlegroups.com>,
chetan.kamra@gmail.com says...
> When the connection from linux disconnect does IPsec also disconnect
> from the peer.
>
>
No, the IPsec doesn't disconnect. Other telnet sessions from the same
location aren't dropped, just one.
Vince
10/28/2007 8:27:59 PM

In article <1193568773.538895.221550@y42g2000hsy.googlegroups.com>,
merv.hrabi@rogers.com says...
>
> How many workstations at each store ?
>
> The PIX 501 by default only has 10 user license so it will not support
> more than 10 sessions
>
>
Two of the stores have PIXes with 50 user licenses. Those stores have
between 5 and 10 workstations.
One store only has 2 workstations so they have a 10 user license.
It doesn't seem to be a user license issue, as the dropped user can
immediately reconnect.
Vince
10/28/2007 8:30:19 PM

Assuming it is not an IPsec issue, then I would put a sniffer (PC
with Ethereal) and capture the Telnet sessions to the Linux server.
When an incident occurs, is it all of the workstations in a store that
disconnect or just some?
Are all stores affected at the same time?
Assuming it is not an IPsec issue, then I would connect a sniffer (PC
with Ethereal) on the same LAN where the Linux server is and capture the
Telnet sessions to the Linux server. Look for TCP resets and the like.
Merv
10/29/2007 9:26:26 AM

In article <1193649986.123670.192680@d55g2000hsg.googlegroups.com>,
merv.hrabi@rogers.com says...
>
> Assuming it is not an IPSEC issue, then I would put a sniffer ( PC
> with Etherreal) and capture the Telnet sessions to the Linux server.
>
> When an incident occurs is it all of the workstations in a store that
> disconnect or just some?
>
> Are all stores affected at the same time?.
>
> Assuming it is not an IPSEC issue, then I would connect a sniffer ( PC
> with Etherreal) on the same LAN where the Linux server and capture the
> Telnet sessions to the Linux server. Look for TCP resets and the like.
>
>
Generally it's just a couple of workstations at a time, not all
workstations at a store nor all stores.
Vince
10/29/2007 10:03:41 AM

On Oct 29, 6:03 am, Vince Kimball <vi...@vkimball.com> wrote:
> In article <1193649986.123670.192...@d55g2000hsg.googlegroups.com>,
> merv.hr...@rogers.com says...
>
>
>
> > Assuming it is not an IPSEC issue, then I would put a sniffer ( PC
> > with Etherreal) and capture the Telnet sessions to the Linux server.
>
> > When an incident occurs is it all of the workstations in a store that
> > disconnect or just some?
>
> > Are all stores affected at the same time?.
>
> > Assuming it is not an IPSEC issue, then I would connect a sniffer ( PC
> > with Etherreal) on the same LAN where the Linux server and capture the
> > Telnet sessions to the Linux server. Look for TCP resets and the like.
>
> Generally it's just a couple of workstations at a time, not all
> workstations at a store nor all stores.
The few workstations at a time - are they at one store or multiple
stores? If they are at multiple stores then it may indicate that the
issue is at the central site.
Merv
10/29/2007 10:28:43 AM
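
The check suggested in the thread (capture on the server's LAN, look for TCP resets on the telnet sessions, then see whether the affected workstations sit in one store or several), as an added example that is not part of the original posts. It parses `tcpdump -nn -tt` text output; the server address, the store subnets and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Hypothetical addressing: the thread gives no IP plan.
SERVER = ip_address("192.168.10.5")
STORES = {"store1": ip_network("10.1.1.0/24"),
          "store2": ip_network("10.1.2.0/24"),
          "store3": ip_network("10.1.3.0/24")}

# One line of `tcpdump -nn -tt` output: ts IP src.port > dst.port: Flags [..]
LINE = re.compile(r"^(?P<ts>\d+\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
                  r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]")

def store_of(addr):
    """Map a workstation address to its store by subnet."""
    return next((n for n, net in STORES.items() if addr in net), "unknown")

def telnet_resets(lines):
    """Return {store: [(ts, client, direction)]} for RSTs on telnet flows."""
    out = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m or "R" not in m["flags"]:
            continue  # not parseable, or not a reset
        src, dst = ip_address(m["src"]), ip_address(m["dst"])
        if src == SERVER and m["sport"] == "23":
            client, direction = dst, "from-server"
        elif dst == SERVER and m["dport"] == "23":
            # Source may be the workstation or a device in the path.
            client, direction = src, "toward-server"
        else:
            continue  # reset on some other service
        out[store_of(client)].append((float(m["ts"]), str(client), direction))
    return dict(out)

# Constructed sample capture lines (not real traffic).
SAMPLE = """\
1000000000.100000 IP 10.1.1.21.1045 > 192.168.10.5.23: Flags [P.], seq 1:9, ack 1, win 64240, length 8
1000000086.200000 IP 192.168.10.5.23 > 10.1.1.21.1045: Flags [R.], seq 1, ack 9, win 0, length 0
1000000200.300000 IP 10.1.3.12.1101 > 192.168.10.5.23: Flags [R], seq 77, win 0, length 0
1000000300.400000 IP 10.1.2.30.2200 > 192.168.10.5.22: Flags [R], seq 5, win 0, length 0
""".splitlines()

if __name__ == "__main__":
    for store, events in sorted(telnet_resets(SAMPLE).items()):
        for ts, client, direction in events:
            print(f"{store} {client} RST {direction} at {ts:.6f}")
```

Resets spread across several stores point toward the central site, as the last reply notes; the direction column shows which side of the capture point each reset came from.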