Solved

Here's a hard one...

Posted on 2004-04-29
Last Modified: 2013-11-16
I have a small networking environment. The architecture goes as follows: I have an SBS 2000 along with other shared computers behind NAT, a PIX firewall and an ADSL modem connecting to the Internet.
Here's the problem... From time to time the SBS server is getting disconnected from the modem (i.e. a ping from the server to the modem will not give me any replies, while pings from any other workstation to the modem and to the server, and vice versa, reply very well). As well, any incoming mail will not arrive at the final destination, which is the server.
Note:
In a normal situation, I have good communications between all the devices in the network (i.e. server, workstations and the modem) and emails are getting to destined users.

I'll appreciate any help...

Cyber
0
Question by:Cyber-Dude
11 Comments
 
LVL 7

Expert Comment

by:sr_millar
Cyber,

Just an idea...

What are your port speed settings on all your equipment? Just wondering if it might help forcing all the NICs to 100Mbps full duplex, for example (i.e. on the server and modem if possible).

It might be a port speed negotiation issue.....

Stuart
0
 
LVL 15

Author Comment

by:Cyber-Dude
Thank you Stuart for your reply...

Well, the speed inside the LAN is, naturally, 100Mbps for all devices. Modem speed is 10Mbps, but it is connected directly to the PIX firewall (at the WAN leg). I'm not sure whether this is the source of the problem; I can ping from any other station to the server, as well as to the modem, and vice versa...
Also, the LAN is connected through a switching system, thus eliminating any physical issues.

But I'll look into it.

Cyber
0
 
LVL 16

Expert Comment

by:Nyaema
I think the SBS server is busy handling other traffic when you are trying to ping.
Traffic could also be from a worm like Slammer if you are running SQL Server.
You can use the monitoring tools in ISA to find out what is happening to your traffic in terms of applications and users.
You can also use Performance Monitor to monitor the traffic.

Also have you installed all the latest patches for Win2K, ISA, and SQL?
0
 
LVL 7

Assisted Solution

by:EmpKent
EmpKent earned 30 total points
Place a hub between your ISA and your PIX, and subsequently between your PIX and router, and run a sniffer application such as Ethereal to determine where the ICMP path is being terminated.

E.g.: Does the request leave the ISA server? Does it get to the PIX? Does the PIX forward it? Etc.

Also, check the IDS settings and the logs of the PIX. Perhaps IDS is enabled on the inside interface and it thinks there is an attack occurring from the ISA server. Since this behaviour is intermittent, there must be something changing in the environment.

Kent
0
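The hop-by-hop isolation Kent describes above, as an added example that is not part of the original thread: given echo requests and replies observed at each capture point, it reports which device stopped forwarding. The tap names, the record format and the sample records are constructed assumptions, standing in for what would be exported from the sniffer at each hub.

```python
from collections import defaultdict

# Capture points ordered from the server outward (hypothetical names).
TAPS = ["server-pix", "pix-modem"]
# Device just beyond / just inside each tap, for the assumed topology
# server -> PIX -> modem.
NEXT_HOP = {"server-pix": "PIX", "pix-modem": "modem"}
PREV_HOP = {"server-pix": "server", "pix-modem": "PIX"}

# Constructed sample: (tap, kind, icmp_id, seq) as exported from each capture.
SAMPLE = [
    ("server-pix", "request", 512, 1), ("pix-modem", "request", 512, 1),
    ("pix-modem", "reply", 512, 1), ("server-pix", "reply", 512, 1),
    ("server-pix", "request", 512, 2),                 # never leaves the PIX
    ("server-pix", "request", 512, 3), ("pix-modem", "request", 512, 3),
    ("server-pix", "request", 512, 4), ("pix-modem", "request", 512, 4),
    ("pix-modem", "reply", 512, 4),                    # reply lost on the way back
]

def _verdict(obs):
    # Walk outward: the request must be seen at every tap.
    for prev, tap in zip(TAPS, TAPS[1:]):
        if (tap, "request") not in obs:
            return f"request not forwarded by {NEXT_HOP[prev]}"
    # The request reached the outermost tap; the reply must show up there first.
    if (TAPS[-1], "reply") not in obs:
        return f"no reply from {NEXT_HOP[TAPS[-1]]}"
    # Walk inward: the reply must be seen at every tap on the way back.
    for tap, inner in zip(reversed(TAPS), reversed(TAPS[:-1])):
        if (inner, "reply") not in obs:
            return f"reply not forwarded by {PREV_HOP[tap]}"
    return "ok"

def locate_drops(records):
    """Return {(icmp_id, seq): verdict} for each echo request seen at the first tap."""
    seen = defaultdict(set)
    for tap, kind, icmp_id, seq in records:
        seen[(icmp_id, seq)].add((tap, kind))
    return {key: _verdict(obs) for key, obs in sorted(seen.items())
            if (TAPS[0], "request") in obs}

if __name__ == "__main__":
    for (icmp_id, seq), verdict in locate_drops(SAMPLE).items():
        print(f"id={icmp_id} seq={seq}: {verdict}")
```

Matching on the ICMP identifier and sequence number keeps the server's pings separate from any other echo traffic crossing the same hub.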
 
LVL 15

Author Comment

by:Cyber-Dude
Thank you both Nyaema and EmpKent...

Nyaema
Well, I ran some monitoring tools. The only thing that was significant is that the server ran into some broadcast traffic, which was something like 0.05% of all traffic. This problem is being dealt with as we speak. Also, the peak network traffic utilization reached something like 25% of the total network backbone. Most of the time it was 5% or less. If it was a virus, I think utilization would reach much higher and more frequent peaks. Also, keep in mind that if the server was too busy replying to pings I sent from the server to the modem, then I would not be able to reply to pings I sent from other NICs in the network to the server.

EmpKent
We are not running an ISA Server (SBS Standard Edition) due to the known consequences and implications. Leaving the IDS issue out of the question.

Cyber
0

 
LVL 7

Expert Comment

by:EmpKent
Sorry, I misread, but it does not eliminate the IDS possibility.

Foremost would be to determine where the ICMP cycle gets disrupted. It will determine which box is the culprit and significantly reduce your hassles.

Network utilisation is a nonissue if the other devices on the network continue to function normally.

Kent
0
 
LVL 16

Assisted Solution

by:Nyaema
Nyaema earned 30 total points
Is the pix firewall configured to redirect port 25 to your SBS?
I have heard some issues about PIX firewalls to do with publishing servers and multiple connects.

If the above applies to you, then maybe you should check for IOS upgrades or issues on the Cisco site.

It might be something worth checking.

What model of the PIX do you have?
0
 
LVL 11

Accepted Solution

by:PennGwyn
PennGwyn earned 40 total points
What do the PIX logs show?

0
 
LVL 15

Author Comment

by:Cyber-Dude
EmpKent,

We checked for any IDS system installation and add-on running on the PIX firewall and all were disabled. ICMP traffic for outbound is disabled, and for inbound things looked normal. Any other suggestions? Thank you.

Nyaema,

The PIX firewall is indeed configured to redirect port 25 traffic to the SBS; as well, it is configured to use the IP address pool we got from the ISP and publish ONE IP address referring to the mail server. We will check your point there and we will publish our findings soon. Thank you.

PennGwyn,
Thank you for your reply. I'll look into it (ref. publish the Cisco log file).

Cyber
0
 
LVL 15

Author Comment

by:Cyber-Dude
Here's an evolvement...
Our ISP provides us with a TCP/IP address pool. As well, we found out that ECI modems are potentially problematic in that kind of architecture. We will assemble an Alcatel modem soon and I'll let you know how it went...

Cyber
0
 
LVL 15

Author Comment

by:Cyber-Dude
Thank you all for trying... The problem lay in the modem itself. It is an ECI modem which was not capable of handling an IP address pool and thus filled its buffer sooner than expected. We replaced the modem with an Alcatel modem and all problems were solved.

Once again, thank you all for helping...
0
