?
Solved

TCP Reset-I Cisco Firewall

Posted on 2003-12-05
8
Medium Priority
?
9,635 Views
Last Modified: 2013-11-16
Remote user connecting with Terminal Server to map a drive on the server has been able to do this for many months.  Now we are receiving a syslog message as follows:
Teardown TCP connection 3508033 faddr 124.24.126.36/3767 gaddr 165.123.12.161/445 laddr 192.168.1.3/445 duration 0:00:00 bytes 0 (TCP Reset-I)

This occurs even though a Terminal server session runs from the same machine at the same time that port 445 is rejected by the server (if I understand the message correctly).  

User obviously receives a message about network address not found.  This is a server running Win2K Server and the user running Win XP.  

Thanks for your help.
 
0
Comment
Question by:DEllis3
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 13

Expert Comment

by:td_miles
ID: 9886737
What version IOS are you running (use "show version") ?

Have there been any changes to cause this ? Have you upgraded the IOS ? Have you upgraded Terminal Server ? Have you changed OS on the PC ?

If it was working happily, then something must have changed to cause it not to work.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9888118
Has user installed cable router that is now doing DHCP and NAT at home?
Is their local LAN now 192.168.1.x
Is the Term server IP 192.168.1.3 ?
0
 

Author Comment

by:DEllis3
ID: 9896575
nicpix up 187 days 19 hours

Hardware:   SE440BX2, 128 MB RAM, CPU Pentium II 350 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB

0: ethernet0: address is 00d0.b76b.7ee4, irq 11
1: ethernet1: address is 00d0.b73f.e6c9, irq 15
2: ethernet2: address is 00d0.b7a0.9987, irq 10

No change to the firewall.
No change to the OS other than MS patches.
No change to the PC OS (XP) other than MS patches.
Term server IP address on the DMZ is 192.168.1.3.   External address is as shown in the quesion.  

I will have to check with the user when she arrives this morning as to her local IP address and NAT.  She is using cable modemwith a fixed external ip address.  I will post the answer to this last question, but it may be tomorrow as she lives too far to return home and back today.  

Thanks for your help.

0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 

Author Comment

by:DEllis3
ID: 9906939
User at home is using cable modem and wireless at home.  Her IP address at home 192.168.1.102, with default gateway 192.168.1.1
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 9907210
There's the problem.
Her local LAN is 192.168.1.x
Your Corp LAN is 192.168.1.x
Her PC thinks that your TS 192.168.1.3 is local and refuses to send through the VPN

Solution=change her local LAN to something else, like 192.168.2.0
I would imagine it being easier to change hers than change your internal corporate LAN?

This is one reason why I always council my clients to never, ever use 192.168.1.0, 192.168.0.0, 10.0.0.0 as their corporate LAN
0
 

Author Comment

by:DEllis3
ID: 9912574
We will try that, but I don't think it is the answer:  The external address is the one that she sends to.  We are not using a VPN but rather Terminal Server.  The external address is 165.123.12.161.  She doesn't see the 192.168.1.x address.  Also, she is able to connect to the same IP address using Terminal Server port 3389.  It is only the port 445 for mapping a drive that will not hold the connection.

Thanks for your help.  I will try to have her change her local gateway and see what happens.



0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11468644
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:

--> Accept: lrmoore

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

tim_holman
EE Cleanup Volunteer
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question