The problem Iam facing is:
Components: A Definity G3R(MAPD) - CMS Server , PG and CISCO PIX Firewall.
1) The Definity G3R (MAPD) and the CMS server is on the same Local area Network.
2) The PG is on a different network which is on a external network configured on the firewall.
3)The I have opened all ports on the firewall between PG and MAPD and CMS, I can see all the heartbeat traffic in the firewall logs.
4) When PG tries to contact MAPD or the CMS server on the Heartbeat it gives and Error = -20
Can somebody please tell me what is error = -20.
5) but when I do PING , Tracert, telnet ..everything work fine.
6) Before, we were able to establish the hearbeat link and the ASAI Link. We had undergone IP address changes after which it gives the above mentioned error and does not connect.
Did you also open port 6060 for CMS communication *to* the PG? It is actually a "reverse" connection, since the PG listens and the CMS initiates the connect. So you would need origination being IP of CMS, and destination being [IP of PG]:6060.
Sort of an off the cuff answer - not sure what the error code means.
Thanks for your response.
Yes we have opened all the ports between CMS and PG , Yesterday we were able to get the Heartbeat Link up and the performance test getting 100% successful.
Now the error has changed :
"Error setting server state for link 2 mapd; asai_errno = -9, errno = 0"
We are now unable to interpret this error and therefore cant get the actual ASAI link up.
Thanks for your inputs; this are the following errors I am getting on the PIX firewall when PG is trying to Connect to the MAPD.
1) Deny TCP (no connection) from 22.214.171.124/4413 to 126.96.36.199/9999 flags PSH ACK on interface outside
2) Deny TCP (no connection) from 172.18.6.14/9999 to 188.8.131.52/3963 flags RST ACK on interface inside
The IP address details are as follows:
a) 184.108.40.206 IP address of PG1
b) 220.127.116.11 IP address NAT on Firewall for MAPD.
c) 172.18.6.14 IP address of MAPD Interface.
d) 18.104.22.168 IP address of PG2
I would appreciate if you could respond to these errors and give me a solution.
We used to propose this type of design, connect PG to customer CMS/MAPD through firewall, but Cisco TAC said no, they didn't give the reason.
This may seem obvious, but you didn't mention which IP addresses you changed. Have you checked the Map-D to make sure all of the changes you made on the other devices is reflected there? We had a similar issue after some IP address changes and it turned out there were some settings on the Map-D itself that needed to be changed. I believe it was under the TCP/IP Admin area on the Map-D but can't say for certain. Sorry I don't have more details but I wasn't directly involved.
There is a spot in the MAPD where you must explicitly identify a hostname and IP address of any machine that will be connecting to the MAPD, otherwise the connection will be waved off.
It's under TCP/IP administration, Local Host names, in the MAPD administration menu.
Hope this helps,
You can also check the specific errors at the MAPD side by going to the DLG menu and selecting Maintenance/Security Logs/Client Access Logs. You'll see an error like "Invalid Client" or "Invalid Link" if things aren't set up properly in the DLG system.