WEIRD:router sending tcp rst packets to incoming tcp connections

Unanswered Question
Aug 13th, 2007


i am hosting an application server at HO to which clients connect using the client application, using 2 ports.(8090,8092). We were using a DSL connection and eveyrthing was good.

Now we bought an E1, terminated it on 2811 using e1 controler card.I configured Nat with ports using SDM for application server. everything is fine, the internet is working good. clients started connecting but when the number of clients reach 3 or 4 then no more connections are made. i did not do any other configuration apar from NAT. i looked up debug ip tcp packets and it showed RST pakets being sent to client adds from my public ip. it doesnt show any tcp rst packet from the private ip of my application server. can any1 have any idea.

Also i observed thAT in "sh ip nat translation" showed me blank outside local nad outside global address fields. Still then no one could connect. Very weird behaviour. the application behaviour is such that first an http page is open then there are builtin tcp connection request from the client to the server. http coonections are made ( verfied in sh ip nat translation) but no tcp connections to the tcp ports are made.

every client establishes 3 specified tcp connections and a single http connection to the server in order to work properly.

overload is working because i do get 3-4 clients on my server application working properly.

once i tried to connect 4 clients comming from the same IP ..........all connected. And another 3 clients from another IP....all connected.Then i tried to establsih a connection from a client using dial-up was not connected.

More over..... if i remove the router and connect the server through DSL ..........everythign works fine. this is what makes me believe there is no problem with the application.

kindly atleast gimme some hint so that i may look into it.


Attached is my sh run

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
srmumtaz01 Mon, 08/13/2007 - 19:42


the sh run attached to the original message is from 12.4 adv security k9 IOS. I tried 12.4 IPBASE , and tested very briefy and same results are coming.



This Discussion