Security Basics mailing list archives
Re: Peculiar Unresponsivness of IP
From: Kartik <kartik.netsec () gmail com>
Date: Fri, 21 Dec 2007 17:01:38 +0530
Hi All,

To Bennett - we already tried some of the things like speed/duplex, a different switchport, unplugging and plugging in the cable, etc.

To Michael Bellears - During the outage, when we ping the IP address from the internet we get "Request Timed Out", but at the same time the device is pingable from the inside network. The device can also ping the switch at that time.

To Eric Pinkerton - The VPN device is connected via a console, and at the time of outage the VPN device is able to ping the switch. We also tried capturing the packets via Wireshark last week and found some STP protocol loop; we rectified it. We also disabled the CDP protocol as it was generating a lot of packets. Despite this, the problem exists.

To Ong Chin Kiat - We cannot alter the topology as the datacenter/site is in a different country. Nothing has been changed on the branch office tunnels. Can a virus or a worm flood the VPN device like that? Since the data will be tunneled and encrypted, I think this cannot be the case. What do you say? And as far as logs are concerned, we checked the logs and didn't find anything. We also opened a ticket with Nortel and sent the logs to them, but unfortunately they also said "Everything looks to be good".

On Dec 20, 2007 6:41 PM, Kartik <kartik.netsec () gmail com> wrote:
Hi,

We have been facing a peculiar issue for the last 15 days. What happens is that ONE of our Public IP addresses, which is assigned to a Nortel VPN device, becomes unreachable (request timed out) for 2-3 MINUTES after every 5 to 10 HOURS. It adversely affects the Branch Office VPN tunnels the moment the Public IP assigned to it becomes unresponsive from the internet.

The setup is like this:

<Internet cloud>------- <Cisco Internet Router which is inside our Network>------ <Cisco Switch>-------<Nortel VPN Device>-----<Firewall>---------<LAN>

(Please note that this setup has been running for the last 3-4 yrs without a problem.)

Interestingly, when we try pinging the device (Public IP) from the internet we get "request time out" at the time of outage, but at the same time when we try to ping the device from the inside network, we are able to ping it.

In short, when the outage occurs:

1) we are able to ping the Internet Router
2) we are able to ping the Switch IP from the Router (for testing purposes we gave the public IP to the switch, and at the time of outage the public IP of the switch is pingable)
3) we are NOT able to ping the Nortel VPN device
4) we are able to ping the Nortel VPN device from INSIDE NETWORK
5) we are able to ping the SWITCH from the Nortel VPN device at the time of outage

The most interesting part of it is that this outage lasts for only 2-3 minutes and the connectivity automatically gets restored after 2-3 minutes. We can't even presume when this outage will happen again. Sometimes the duration between the outages was 5hrs, sometimes 8hrs and sometimes even 16hrs.

We opened a ticket with Nortel technical support and after all the analysis they said that the VPN device is working fine. We also checked the Cisco Switch and it also seems to be OK.

Please suggest.

--
Thanx,
Kartik
www.hcl.in
+1 408 416 2089 X 5313
+91 9810998169