So you are doing DLSW through a firewall? The NAT and firewall issue would seem to be the problem, but with a firewall, even if the inside initiates the session, assuming it's a stateful firewall, will the outside still be able to initiate a ping from outside to inside? On a stateful firewall, once a translation is built from inside to outside, can the outside still initiate a separate session - say with a TCP SYN packet. Or an ICMP Echo....I don't think so but I've been wrong before. This problem points to a classical mistake -- don't change to many things at one time. It makes it difficult to isolate the problem. I find it funny that Andrew said "The ONLY change was upgrade IOS, AS400 work, and firewall rebuilt." I don't have a resolution - but I would start at the firewall and AS400. Maybe take the routers back to the original code first. Not that there could possibly be a bug in the IOS.... Kenny ----- Original Message ----- From: "Kent" <[EMAIL PROTECTED]> To: "Dao, Tien" <[EMAIL PROTECTED]>; "'Andrew Larkins'" <[EMAIL PROTECTED]>; "Cisco Mail List" <[EMAIL PROTECTED]> Sent: Friday, June 30, 2000 3:19 PM Subject: RE: AS400 funny connectivity issues with Cisco 3660 router -any i deas here?? > It sounds not only like firewall but also, more > specifically, like a NAT issue. > > Before the NAT table starts working, there is no way > for the outside to hit the inside, but when you fire > something up from the inside, the NAT table is > activated. > > Kent > > --- "Dao, Tien" <[EMAIL PROTECTED]> wrote: > > The problem seems to be Firewall related. Assumming > > the remote workstation > > is from the outside of the firewall, it is not > > allowed to get back to the > > AS400 which is behind the firewall until the > > connection is initiated and > > establised from inside. Check your firewall access > > statement(s). > > > > -----Original Message----- > > From: Andrew Larkins > > [mailto:[EMAIL PROTECTED]] > > Sent: Friday, June 30, 2000 7:44 AM > > To: Cisco Mail List > > Subject: AS400 funny connectivity issues with Cisco > > 3660 router -any > > ideas here?? > > Importance: High > > > > > > We have upgraded the router to IOS 12.1.2T from > > 12.1.1aT1. The remote site > > uses DLSw and IP to connect to the AS400. Some LAN > > users can ping he AS400, > > but others can not. All related LAN configs are > > correct. A trace from the > > router hits the destination, but from the > > workstation, it goes across the > > WAN to the main router, but then times out. The > > funny thing here is that if > > you ping the remote workstation that does not work > > from the AS400 directly, > > you get a reply and then the user can work and then > > ping the AS400 himself. > > I have checked the routes on the AS400 and all is ok > > -default route to the > > routers ethernet port. The only change is the > > software upgrade, some work > > was done on the AS400 and the firewall was rebuilt. > > I believe the issue to > > be with the AS400. > > > > Any input here is appreciated > > > > > > Regards > > > > Andrew Larkins > > BCom, CCNA > > Usko Communications > > Tel: +2711 800-9300 > > Fax: +2711 800-9495/6/7/8/9 > > Cell: +2783-656-7214 > > Email: [EMAIL PROTECTED] > > OR [EMAIL PROTECTED] > > > > > > "This message may contain information which is > > confidential and subject to > > legal privilege. If you are not the intended > > recipient, you may not peruse, > > use, disseminate, distribute or copy this message. > > If you have received > > this message in error, please notify the sender > > immediately by email, > > facsimile or telephone and return and/or destroy the > > original message." > > > > > > > > ___________________________________ > > UPDATED Posting Guidelines: > > http://www.groupstudy.com/list/guide.html > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com > > Report misconduct and Nondisclosure violations to > > [EMAIL PROTECTED] > > > > ___________________________________ > > UPDATED Posting Guidelines: > > http://www.groupstudy.com/list/guide.html > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > > __________________________________________________ > Do You Yahoo!? > Kick off your party with Yahoo! Invites. > http://invites.yahoo.com/ > > ___________________________________ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > ___________________________________ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
