Never mind. I figured it out. Just had to write the problem out in an email
to get my mind working.
When I was capturing data the SYN/ACK source port would change from 1-6.
That made me think about how overloading works. The interface was configured
as an outside interface. The overload IP was the IP of the interface I was
attempting to telnet to. That's why layer 3 looked okay. But layer 4 threw
me off. When my reply packets got subjected to the NAT translation process
the router would change the source port according to the number of entries
it had. That is why it would change from 1-6. Sorry for sending this in. I
should have thought about it a little bit more :-(


                -----Original Message-----
                From: Newell Ryan D SrA 18 CS/SCBT 
                Sent: Thursday, January 23, 2003 7:51 PM
                To: '[EMAIL PROTECTED]'
                Subject: Telnet SYN/ACK pkt reply on TCP source port 3-6!!??

                I tried to telnet to a distant end 3660 router. Connection
                would time out. I was able to ping the router from my PC. The
                router could telnet to the router that was between my PC and
                itself. Ran capture and the data yielded this....

                IP Source 10.0.0.1 Destination 10.0.1.2 TCP SYN destination port 23 source port 2407
                IP Source 10.0.1.2 Destination 10.0.0.1 TCP SYN/ACK destination port 2407 source port 6
                IP Source 10.0.0.1 Destination 10.0.1.2 TCP RST destination port 6 source port 2407

                10.0.0.1 is my PC and 10.0.1.2 is the distant end router. I
                believe the RST bit is set on the last packet because my PC is
                not listening to that port. So it closes this connection with
                the RST bit.

                We got it working. But the funny thing is.....

                The user's 3660 had two interfaces. One on his LAN and one
                on my LAN. He was using NAT. He had ip nat outside on both
                interfaces. The inside interface was supposed to face my LAN.
                Once we removed NAT from the interface facing my LAN, I could
                telnet to that interface. The NAT string told the router to
                overload the interface facing my LAN.

                I understand that removing the misconfiguration fixed my
                first problem but why?

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61661&t=61661
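
The symptom in the capture above is a SYN/ACK from the expected address but from a source port the client never contacted. As an added example (not part of the original thread), this Python sketch parses summary lines in the format quoted above and flags such replies; the function names and result keys are made up for illustration.

```python
import re

# Constructed sample: the three capture summary lines quoted in the thread.
CAPTURE = """\
IP Source 10.0.0.1 Destination 10.0.1.2 TCP SYN destination port 23 source port 2407
IP Source 10.0.1.2 Destination 10.0.0.1 TCP SYN/ACK destination port 2407 source port 6
IP Source 10.0.0.1 Destination 10.0.1.2 TCP RST destination port 6 source port 2407
"""

# Summary-line format as it appears in the thread (assumed fixed word order).
LINE = re.compile(
    r"IP Source (?P<src>\S+) Destination (?P<dst>\S+) TCP (?P<flags>\S+) "
    r"destination port (?P<dport>\d+) source port (?P<sport>\d+)"
)

def parse(text):
    """Yield (src, sport, dst, dport, flags) for each summary line."""
    for m in LINE.finditer(text):
        yield m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"]

def find_rewritten_replies(text):
    """Return SYN/ACKs that answer a pending SYN (right hosts, right client
    port) but come from a source port other than the one the SYN targeted,
    which is what a port translation on the reply path looks like."""
    pending = {}   # (client_ip, client_port, server_ip) -> port the SYN targeted
    findings = []
    for src, sport, dst, dport, flags in parse(text):
        if flags == "SYN":
            pending[(src, sport, dst)] = dport
        elif flags == "SYN/ACK":
            expected = pending.get((dst, dport, src))
            if expected is not None and sport != expected:
                findings.append({
                    "server": src, "client": dst, "client_port": dport,
                    "expected_sport": expected, "seen_sport": sport,
                })
    return findings

if __name__ == "__main__":
    for f in find_rewritten_replies(CAPTURE):
        print("SYN/ACK from {server} to {client}:{client_port} used source port "
              "{seen_sport}, expected {expected_sport}".format(**f))
```

The client has no socket matching the rewritten port pair, so it answers with the RST seen in the third capture line.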