We're getting an issue where a third-party company who accesses an iSeries server on our internal network is periodically losing their connection to this server (they access via client software on port 23). They're coming through an L2L VPN tunnel with no restrictions. I've checked the log files and found this for one of the client IP addresses:
Deny TCP (no connection) from TALENT_SERVER/1025 to 172.17.10.129/2209 flags ACK on interface inside
where TALENT_SERVER is the server they're connecting to and 172.17.10.129 is the client address. The client usually re-connects straight away and completes the transaction without issue. Interestingly, the previous company who provided this service connected to us via a spare interface on the firewall (they were based in the next building) and had the same issue. We also have many clients on the internal network who connect without any issues which makes me think something on the firewall is causing this. Anyone got any ideas or pointers cos I'm a bit stumped?
Hi Golly, thanks for the reply. Are you talking about the routing on the firewall, our internal routing or the routing on the 3rd party's network? Sorry if this is a dumb question, firewall admin is only part of my job so I'm no expert.
Can provide a network diagram for here but not the 3rd party's network. I've asked them for it and I'll put the inside interface of the firewall and our iSeries on the same switch in case that's causing any bother. Is there anything I can look at on the firewall which might be causing the issue?