Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
434
Views
0
Helpful
3
Replies

Debug messages

wgranada1
Level 1
Level 1

‎03-18-2008 09:29 AM - edited ‎03-03-2019 09:11 PM

I just wanted to make sure I was reading this debug message correctly. From the debug message I see that the 10.254.27.33 has initated a connection to 156.48.1.99 with a SYN. Now I see that the 10.254.27.33 is natted to a 204.10.122.130 and 156.48.1.99 replies with a ACK SYN. But then for some reason 10.254.27.33 which is translated to 204.10.122.130 response back with a RST. Which in turns 156.48.1.99 response with a RST.

So this tells me that something 10.254.27.33 which is translated to 204.10.122.130 rest the connection for some reason correct or am I reading this wrong?

Labels:
Preview file
5 KB
0 Helpful
3 Replies 3

Richard Burts
Hall of Fame
Hall of Fame

‎03-18-2008 12:21 PM

Warren

I have looked at the file that you posted and I would agree that your identification of what is happening is pretty correct. If you look a little deeper there is an interesting pattern.

At 18:49:07 there is a series of SYN, SYN ACK, RST

At 18:49:13 there is a SYN with no response

At 18:49:25 there is a series of SYN, SYN ACK, RST

At 18:49:37 there is a series of RST, RST, RST

At 18:49:50 there is a series of SYN, SYN ACK, RST

That would seem to indicate that 204.10.122.130 initiates the session and 156.48.1.99 responds positively, but there is something in the response that is not acceptable and 204.10.122.130 does a RST which terminates the session.

HTH

Rick

HTH

Rick
0 Helpful

wgranada1
Level 1
Level 1
In response to Richard Burts

‎03-18-2008 12:54 PM

hummm the only thing that changed was I added 156.48.1.11 to the BGP routes, then found out that .99 stopped being advertised. After 5 or 6 clear ip bpg neigh the .99 started to be advertised again but still no one could connect. I recently removed .11 so only .99 will be advertised but still get the same problem.

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to wgranada1

‎03-18-2008 02:22 PM

Warren

Could you explain a bit more about the topology and post the router config. I have seen this before but as luck would have it i can't emulate in the lab :-). I think it's something to do with the interaction between NAT and routing and the order in which they are done.

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card