SYN>ACK, ACK Missing on ISA server

Unanswered Question
Aug 23rd, 2010
User Badges:

Good day to all of our netpros here!


I was at a client's side, and there are two scenarios. I just would like to know your take on this.

I did a network redesign for one of our client's. I created the  192.168.8.0 0.0.7.255 network (192.168.8.0 - 192.168.15.255), to replace  the 192.168.2.0 network. All was going well inter-site, cuz they have  one in alabang and one in paranaque, all connected via leased line, and  running EIGRP. Problem is with their internet, they have an ISA server  at the internet edge. With my current setup, I couldn't reach the  internet via the 8.x to 15.x network. I then recreated the 2.x network,  and it can go to the internet through the ISA server, which has an IP of  192.168.1.10.

With that, I am pretty sure that there is no issue with regards to  inter-site routing, because it is impossible that the 2.x network takes a  separate and different path from the rest of the subnets that I created  on that site.

Problem is, Remote Desktop is not permitted, ICMP packets, as well as  traceroutes, are not even permitted on the ISA server so troubleshooting  is really a pain.

I ran packet sniffers from one client on the 192.168.2.x network, and  accessed the internet. I noticed that the client has established proper  TCP Three Way Hand Shake, and fair enough, it did access the internet  via the ISA proxy server-firewall.

I ran packet sniffers from one client on the 192.168.13.x network which I  created, and accessed the internet. I noticed that the clients send out  ACK requests to the ISA server. However, I never saw a SYN, ACK coming  back from the ISA server, thus the threeway handshake cannot be  established. Is it possible that the ISA server doesn't recognize  packets coming in from the new subnets that I created, thus dropping  them right off the bat, and permitting only those that it recognizes? I also attached the pcap traces for visual references. Thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sugarpaddy Tue, 08/24/2010 - 02:53
User Badges:

Hi

Just having a quick  look at your packet capture you seem to be getting alot of checksum errors which could indicate be a network card problem?

polofalltrades Tue, 08/24/2010 - 04:13
User Badges:

Do checksum errors easily relate to NIC problems? I really don't quite think so, as I'm pretty sure I have an OK NIC

Actions

This Discussion