Cable Forum

Cable Forum (https://www.cableforum.uk/board/index.php)
-   Networking (https://www.cableforum.uk/board/forumdisplay.php?f=87)
-   -   Hardware VPNs (https://www.cableforum.uk/board/showthread.php?t=33603880)

greencreeper 22-11-2006 00:34
Hardware VPNs
 
Might be one for the hardcore-CCNP-types out there...

Scenario: Cisco, hardware-based VPN ceases to function on a random basis - remote clients cannot access an application on a server. Rebooting the server fixes the problem. Nothing wrong with the server - Event Logs clear. Configured fine vis networking. Nothing wrong with the application - clients on the network local to the server are functioning fine. Oddly, all was fine before installing Service Pack 1 (Windows Server 2003), and it has been suggested that this is the issue. I've taken a look at Service Pack 1 includes, and there are various changes, many designed to increase security. Some directly modify the behaviour of TCP/IP.

I'm struggling to understand how rebooting the server would help, since the VPN should be transparent to the server, no? Unless the server is doing something, or there is something about TCP/IP traffic that is routed via a VPN. But it's random though :spin:

Anyone know of or encountered any issues?

The Jackal 22-11-2006 00:49
Re: Hardware VPNs
 
what is it a catalyst ? Have you got sticky connections set on the catalyst side ?

Check how many open sockets you have on the server.

greencreeper 22-11-2006 09:19
Re: Hardware VPNs
 
No idea what a Catalyst is. The VPN itself is a mystery - I have no idea what it is and have no access to it. I thought about sockets (and ports) but the network/clients local to the server are fine. The traffic will be Telnet - nothing complicated. I've disabled a new feature in Service Pack 1 that tries to thawt SYN attacks (not entirely sure what these are). It might also be needing a hotfix - will have to check his on Friday though.

It bothers me when I can't fix things - I have a failure complex :D

The Jackal 22-11-2006 09:39
Re: Hardware VPNs
 
Well if you can get on the box and do a netstat that would be great....

If you have like thousands of open/waiting sockets then there resides your problem...

Wouldnt worry about SYN attacks unless you dont trust your authorized users : machine should be firewalled anyway ?

greencreeper 22-11-2006 14:34
Re: Hardware VPNs
 
Will have a look at the ports if the issue occurs again.

This is Microsoft for - they're not content to write software full of holes. Have to add "features" in Service Packs that cause all manner of problems.


All times are GMT +1. The time now is 01:41.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2025, vBulletin Solutions Inc.
All Posts and Content are © Cable Forum