Re: communication problem !!!

o.montee · ‎11-09-2001

Dears,

I am trying to connect on my sensor from the Cisco Secure Policy Manager. The ping and the telnet between the two is working without problems BUT the connection on port 45000 doesn't work !

When I do a netstat -a on my sensor, I see that the port number 45000 is in mode idle but no in state listen ( state for accepting connections ).

When I start the snoop on this sensor, I see that there are TCP requests and replies packets on port 45000 but no data packets for opening the connection on my policy manager.

The result is : the poliy manager says me that the communication with the sensor on port 45000 is not possible !

Could you help me to find the problem ?

marcabal · ‎11-09-2001

The postoffice port on 45000 is a UDP port and not a TCP port.

We have our own protocol based on UDP that will do basic authentication based on hostid and orgid.

So until the connection is authenticated there won't be any data packets.

So first thing to verify is that you have entered the correct hostid and orgid information.

On the sensor use sysconfig-sensor option 6 to verify that the information match what was originally typed in for the CSPM machine during installation, and what is being typed in CSPM's Add Sensor wizard.

In the snoop output that you saw, were there UDP packets on port 45000 coming from the sensor going to the CSPM box, as well as port 45000 packets coming from the CSPM box going to the sensor.

If not, then either postoffice is not running or is not completely configured on one of the 2 machines. Or a Firewall is blocking the UDP packets.

If the sensor is a separate network then trying moving it to the same network and see if the communication works. If it does then it maybe a network device in between causing the problem.

Are you seeing fragmented UDP packets? These have been known to cause communication problems with CSIDS in some circumstances.