Redirections issues TSE - Cisco SMB SA 520

Unanswered Question
Dec 17th, 2009
User Badges:


I'm having troubles on a SA 520 router in Load Balancing mode (WAN1 with ADSL router, WAN2 with Wimax modem).

It seems like Load Balancing working pretty well but some terminal server connections are having stability issues. These sessions are 4 with 4 customs ports forwarding to 4 different computers.

One of them works well, others not and one doesn't work at all. 4 firewall's rules (8 in fact, 1 for each WAN) are made in the same way...

For the test connection (the one which worked well), I had to disable some "Attacks" features to improve its stability (like TCP Flood protection).

What would you advice to fix these problems and make TSE connections work well ? I forgot to mention that they work well with the ADSL router only with simply firewall rules.

Thanks in advance for you further help !

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mathcaus33 Mon, 12/21/2009 - 10:16
User Badges:


Can somebody help me a bit please ?

Thanks in advance.

Steven Smith Mon, 12/21/2009 - 10:29
User Badges:
  • Gold, 750 points or more

What version of firmware are you running?  Are you running any protocol bindings with your load balancing? 

Steven Smith Mon, 12/21/2009 - 13:11
User Badges:
  • Gold, 750 points or more

I believe it uses a random port for this each time.  I haven't tried port forwarding with protocol bindings.  If you add in a protocol binding for the servers in question, does that help?

mathcaus33 Mon, 12/21/2009 - 14:21
User Badges:

Well, I can try with these settings but the best would be to permit external employees to have TSE access on both WAN connection. I guess it could be more difficult with protocol binding, no ?

Nothing related to "Attacks" menu ? It seems like TSE was more stable when I tried to disable some options, according to the people I had on the phone.

Documentation is a little bit short on Load Balancing subject which works pretty well excepting these buggy forwarded ports.

mathcaus33 Tue, 12/29/2009 - 05:47
User Badges:


Do you have anything to say about "Attacks" functions and TSE like I asked in my previous message ?

Merry Christmas

mathcaus33 Mon, 01/18/2010 - 03:58
User Badges:


We've made many many tests to better understand the problem. Firmware is now the last recent version : 1.1.21

Each test is realised with following settings :

- 4 remote access connections on a single WAN configuration

- protocol bindings for each

- dedicated WAN = wimax

- optional WAN = adsl behing adsl router

First test (single WAN)

With WAN1 or WAN2 working alone, with protocol bindings and redirections well set, everything's ok. Remote connections are always working greatly and don't suffer of disconnections.

Second test (double WAN)

With both WAN activated, the situation isn't the same. I've tried to test both redirections on WAN1 or WAN2 (with protocol bindings). Remote connections work randomly, a connection can work and disconnects a few minutes later without possibility of reconnection.

An interesting thing to know is that HTTP/HTTPS and some other services defined in the same way (with protocol bindings) work very well. It seems that the problem only affects inbounds connections and custom services (on custom ports to connect on local computers).

Third test (double WAN + capture packets)

Attached files are the result of capture. Redirections + protocol bindings of remote connections are set on WAN1. WAN2 capture shouldn't contain any traffic on ports used by redirections (2222/4444/4747/5679). Something may going wrong with that, as if the router redirect inbound connection on the local computer throught WAN1 and use WAN2 to get out.

I hope you'll understand the problem, sorry for my bad english. I'm avalaible to answer questions to give more details.

Thank in advance for further help.

Steven Smith Tue, 01/19/2010 - 08:44
User Badges:
  • Gold, 750 points or more

Can you provide the IP's for the 1st and 2nd WAN?  Can you also post your config?  I think that is all I need for now.

mathcaus33 Tue, 01/19/2010 - 08:59
User Badges:



Can I hide login informations and ppoe profile in the config file or do you have a secured way to send original .cfg file ?

mathcaus33 Thu, 01/28/2010 - 02:53
User Badges:


Have you done some tests with the configuration I gave you ? I would like to know if I could make some tests in the following days with both WANs working together.

Best regards.

jamccord Wed, 01/20/2010 - 07:57
User Badges:

Firmware version 1.1.21 is available for download.  Please download the release notes and firmware and update your router.  Be aware that you will have to factory reset your SA500 and configurations from 1.0.39 will not be able to be uploaded to the SA500.  There have been updates and changes made to the way the optional wan works.

mathcaus33 Wed, 01/20/2010 - 18:18
User Badges:

I've updated to firmware 1.1.21 a week ago and I've made my tests on both 1.0.39 and 1.1.21 firmware with the same results.

mathcaus33 Tue, 02/02/2010 - 18:06
User Badges:

Is there anything new related to my issues ? I need to know as soon as possible how to fix it for my customer's network.

Best regards.

Steven Smith Wed, 02/03/2010 - 12:18
User Badges:
  • Gold, 750 points or more

I am still working with the development team for this.  I hope to have more information for you soon.

mathcaus33 Thu, 02/11/2010 - 09:45
User Badges:

I hope too ! Do you have any idea of a release date ?

Steven Smith Thu, 02/11/2010 - 10:54
User Badges:
  • Gold, 750 points or more

I don't have a release date with this issue yet, but I will let you know as soon as I do.


This Discussion