
Application trouble over site-site vpn link

ov
Level 1

I have some problems with a program that won't initiate over a VPN link. Users on the 192.168.99.0 side start the program client. The client then contacts its database on 192.169.98.12 to load the program. The user credentials clearly get checked, as a wrong password is denied. The client tries to load the program, but hangs.

Here's the log on the 192.168.98.0 side:

6|Oct 24 2008|09:14:39|106015|192.168.98.12|2812|192.168.99.102|2562|Deny TCP (no connection) from 192.168.98.12/2812 to 192.168.99.102/2562 flags ACK on interface inside

6|Oct 24 2008|09:14:39|106015|192.168.98.12|2812|192.168.99.102|2562|Deny TCP (no connection) from 192.168.98.12/2812 to 192.168.99.102/2562 flags PSH ACK on interface inside

6|Oct 24 2008|09:14:39|302014|192.168.99.102|2562|192.168.98.12|2812|Teardown TCP connection 21782 for Outside:192.168.99.102/2562 to inside:192.168.98.12/2812 duration 0:00:04 bytes 28870 Flow closed by inspection

4|Oct 24 2008|09:14:39|507001|192.168.99.102|2562|192.168.98.12|2812|Terminating TCP-Proxy connection from Outside:192.168.99.102/2562 to inside:192.168.98.12/2812 - reassembly limit of 8192 bytes exceeded

6|Oct 24 2008|09:14:35|302014|192.168.99.102|2560|192.168.98.12|1521|Teardown TCP connection 21781 for Outside:192.168.99.102/2560 to inside:192.168.98.12/1521 duration 0:00:00 bytes 296 TCP FINs

6|Oct 24 2008|09:14:35|302013|192.168.99.102|2562|192.168.98.12|2812|Built inbound TCP connection 21782 for Outside:192.168.99.102/2562 (192.168.99.102/2562) to inside:192.168.98.12/2812 (192.168.98.12/2812)

6|Oct 24 2008|09:14:35|302013|192.168.99.102|2560|192.168.98.12|1521|Built inbound TCP connection 21781 for Outside:192.168.99.102/2560 (192.168.99.102/2560) to inside:192.168.98.12/1521 (192.168.98.12/1521)

6|Oct 24 2008|09:14:16|302021|192.168.99.102|512|192.168.98.12|0|Teardown ICMP connection for faddr 192.168.99.102/512 gaddr 192.168.98.12/0 laddr 192.168.98.12/0

6|Oct 24 2008|09:14:16|302021|192.168.99.102|512|192.168.98.12|0|Teardown ICMP connection for faddr 192.168.99.102/512 gaddr 192.168.98.12/0 laddr 192.168.98.12/0

6|Oct 24 2008|09:14:14|302013|192.168.99.102|2557|192.168.98.12|139|Built inbound TCP connection 21774 for Outside:192.168.99.102/2557 (192.168.99.102/2557) to inside:192.168.98.12/139 (192.168.98.12/139)

6|Oct 24 2008|09:14:14|302015|192.168.99.102|137|192.168.98.12|137|Built inbound UDP connection 21773 for Outside:192.168.99.102/137 (192.168.99.102/137) to inside:192.168.98.12/137 (192.168.98.12/137)

6|Oct 24 2008|09:14:13|302014|192.168.99.102|2556|192.168.98.12|445|Teardown TCP connection 21772 for Outside:192.168.99.102/2556 to inside:192.168.98.12/445 duration 0:00:01 bytes 0 TCP Reset-I

6|Oct 24 2008|09:14:12|302013|192.168.99.102|2556|192.168.98.12|445|Built inbound TCP connection 21772 for Outside:192.168.99.102/2556 (192.168.99.102/2556) to inside:192.168.98.12/445 (192.168.98.12/445)

6|Oct 24 2008|09:14:12|302020|192.168.98.12|0|192.168.99.102|512|Built outbound ICMP connection for faddr 192.168.99.102/512 gaddr 192.168.98.12/0 laddr 192.168.98.12/0

6|Oct 24 2008|09:14:12|302020|192.168.99.102|512|192.168.98.12|0|Built inbound ICMP connection for faddr 192.168.99.102/512 gaddr 192.168.98.12/0 laddr 192.168.98.12/0

Everything else, communication-wise, works flawlessly on this link.

Any ideas?

All help appreciated!

Regards

Ole V

2 Replies

ov
Level 1

Forgot to mention that this site-site VPN is made by 2 ASA5505s.

asa804-k8 software on both

ov
Level 1

Sorry for the bump, but surely someone must have something clever to say about this log?

There are three lines here that I think might be the source of the "Deny TCP (no connection)..." entries:

6|Oct 24 2008|09:14:13|302014|192.168.99.102|2556|192.168.98.12|445|Teardown TCP connection 21772 for Outside:192.168.99.102/2556 to inside:192.168.98.12/445 duration 0:00:01 bytes 0 TCP Reset-I

Oct 24 2008|09:14:39|507001|192.168.99.102|2562|192.168.98.12|2812|Terminating TCP-Proxy connection from Outside:192.168.99.102/2562 to inside:192.168.98.12/2812 - reassembly limit of 8192 bytes exceeded

Oct 24 2008|09:14:39|302014|192.168.99.102|2562|192.168.98.12|2812|Teardown TCP connection 21782 for Outside:192.168.99.102/2562 to inside:192.168.98.12/2812 duration 0:00:04 bytes 28870 Flow closed by inspection
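An added example, not part of the original posts: a Python script that checks the hypothesis in the last reply by pairing each 106015 "Deny TCP (no connection)" entry with the earlier teardown messages (302014, 507001) logged for the same flow. The function names are this example's own, and it assumes the export is newest-first as pasted; the embedded sample lines are copied from the thread, one of them in the severity-less form used in the reply.

```python
import re

# Sample input copied from the log lines in this thread (newest entry first).
# Fields: severity|date|time|msgid|src|sport|dst|dport|text
SAMPLE = """\
6|Oct 24 2008|09:14:39|106015|192.168.98.12|2812|192.168.99.102|2562|Deny TCP (no connection) from 192.168.98.12/2812 to 192.168.99.102/2562 flags ACK on interface inside
6|Oct 24 2008|09:14:39|106015|192.168.98.12|2812|192.168.99.102|2562|Deny TCP (no connection) from 192.168.98.12/2812 to 192.168.99.102/2562 flags PSH ACK on interface inside
6|Oct 24 2008|09:14:39|302014|192.168.99.102|2562|192.168.98.12|2812|Teardown TCP connection 21782 for Outside:192.168.99.102/2562 to inside:192.168.98.12/2812 duration 0:00:04 bytes 28870 Flow closed by inspection
Oct 24 2008|09:14:39|507001|192.168.99.102|2562|192.168.98.12|2812|Terminating TCP-Proxy connection from Outside:192.168.99.102/2562 to inside:192.168.98.12/2812 - reassembly limit of 8192 bytes exceeded
6|Oct 24 2008|09:14:35|302014|192.168.99.102|2560|192.168.98.12|1521|Teardown TCP connection 21781 for Outside:192.168.99.102/2560 to inside:192.168.98.12/1521 duration 0:00:00 bytes 296 TCP FINs
6|Oct 24 2008|09:14:35|302013|192.168.99.102|2562|192.168.98.12|2812|Built inbound TCP connection 21782 for Outside:192.168.99.102/2562 (192.168.99.102/2562) to inside:192.168.98.12/2812 (192.168.98.12/2812)
"""

def parse(line):
    """Return one event dict, or None for lines that are not log records."""
    parts = line.strip().split("|", 8)
    if not parts[0].isdigit():              # severity column missing
        parts = [None] + line.strip().split("|", 7)
    if len(parts) != 9:
        return None
    _sev, _date, time, msgid, src, sport, dst, dport, text = parts
    # Direction-independent key, so a reply packet matches its own flow.
    flow = frozenset({(src, sport), (dst, dport)})
    return {"id": msgid, "time": time, "flow": flow, "text": text}

def explain_denies(log_text):
    """For each 106015 deny, list earlier teardown reasons on the same flow."""
    events = [e for e in map(parse, log_text.splitlines()) if e]
    events.reverse()                        # export is newest-first
    closed, findings = {}, []
    for e in events:
        if e["id"] == "302013":             # flow (re)built: forget old state
            closed.pop(e["flow"], None)
        elif e["id"] == "507001":
            closed.setdefault(e["flow"], []).append(e["text"].split(" - ", 1)[-1])
        elif e["id"] == "302014":
            m = re.search(r"bytes \d+ (.+)$", e["text"])
            closed.setdefault(e["flow"], []).append(m.group(1) if m else "unknown")
        elif e["id"] == "106015":
            f = re.search(r"flags (.+?) on interface", e["text"])
            findings.append((e["time"], f.group(1) if f else "?",
                             list(closed.get(e["flow"], []))))
    return findings

if __name__ == "__main__":
    for time, flags, reasons in explain_denies(SAMPLE):
        print(time, flags, "<-", "; ".join(reasons) or "no earlier teardown seen")
```

An empty reason list for a deny means no earlier teardown for that flow appears in the supplied log.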
