03-03-2004 06:56 AM - edited 02-21-2020 01:03 PM
Hi,
i have an 386 router configured with vpn and access lists + ip inspect rules.
The internet traffic from the lan is not experiencing any problems and the static nat rule for incoming traffic (for incoming smtp) is working fine too.
However if i connect with a vpn client i can't make a connection to the server on the lan side.
In my case, an isa server with published terminal services. The ISA server is not the problem, i tested that.
When i monitor the cisco with "debug ip inspect tcp" i get the following messages :
*Mar 5 21:24:11.282: CBAC sis 819E992C pak 816F57D4 TCP SYN SEQ 2959149246 LEN 0 (192.168.5.7:3640) => (10.0.1.1:3389)
*Mar 5 21:24:11.282: CBAC sis 819E992C L4 inspect result: SKIP packet 816F57D4 (192.168.5.7:3640) (10.0.1.1:3389) bytes 0 tcp
*Mar 5 21:24:11.286: CBAC* sis 819E992C pak 816674EC TCP ACK 2959149247 SEQ 181756586 LEN 0 (10.0.1.1:3389) <= (192.168.5.7:3640)
*Mar 5 21:24:11.286: CBAC* sis 819E992C L4 inspect result: DROP packet 816674EC (10.0.1.1:3389) (192.168.5.7:3640) bytes 0 tcp
*Mar 5 21:24:11.602: CBAC* sis 819E992C pak 81661984 TCP SYN ACK 2959149247 SEQ 181756585 LEN 0 (10.0.1.1:3389) <= (192.168.5.7:3640)
What is causing the drop of the packet ?? I can see that something is dropped but how can i find the cause of it ?
The software version is : :c836-k9o3s8y6-mz.123-4.T1.bin
Here's my config :
Thanx in advance,
Sebastian
03-10-2004 07:04 AM
The only reason that I know of for failue of terminal services is that WebVPN does not work with ActiveX control. Thus when running WebVPN you could have problems accessing the corresponding pages.
03-15-2004 12:40 AM
Ít's not by web client but by the windows remote desktop client....
But my main problem is that i don't know What rule is blocking the traffic.
05-19-2004 12:20 AM
Solved problem by uploading a new IOS
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: