octanebob
New Member
Posts:
1
Joined:
Tue Jul 31, 2012 4:55 pm
Certs:
ATSA

Identify the point at which a connection is failing

Tue Jul 31, 2012 5:01 pm

All,

This is my first post here so I apologize if it's out of place.

I've got an application running on a Windows 2008 server that I have verified as live on port 8085 at localhost. I've also verified on the server itself that port 8085 (and in fact, all ports) are open right now. Despite this, I have no connection to this port on the server. Let me back up a bit and explain the architecture I'm working with.

windows_server >> Switch >> Firewall >> Firewall >> Internet

Everything but my server is managed by my hosting company who is insistent that this is a server issue. Is there a way to find out at what point my connection to port 8085 is failing? I feel like it's stopping at one of the Firewalls but need proof of this theory to get something done about it.

Sincerely,

Bob

Richard Giagnacovo
New Member
Posts:
19
Joined:
Tue Sep 02, 2008 3:51 pm

Re: Identify the point at which a connection is failing

Tue Jul 31, 2012 5:25 pm

Try tracetcp from a host on the Internet. If possible, try a service that you can verify and know is working, then try port 8085 and compare.

rc172
Member
Posts:
213
Joined:
Sun Apr 17, 2011 3:28 pm
Certs:
CCSP/CCNP:Security GIAC GPEN

Re: Identify the point at which a connection is failing

Tue Jul 31, 2012 7:22 pm

Does the switch support any kind of SPAN port or port mirroring? You could try running a packet sniff on everything coming in and out of the server, then try to do a port scan to 8085 from a computer outside the firewall. I would also run a tcpdump / wireshark on the computer outside the firewall to see if you get any sort of reply.
The Cubicle Wizard
http://cubiclewizard.blogspot.com/

burnyd
Post Whore
Posts:
3159
Joined:
Fri Nov 13, 2009 5:15 pm
Certs:
CCIE R&S/SP,CCNP-SP,JNCIA,VCP510,VCA-DCV

Re: Identify the point at which a connection is failing

Tue Jul 31, 2012 7:25 pm

Telnet to port 8085 from outside the firewall. Or, if you have access to it, run a packet capture and look for any issues within the capture.
http://danielhertzberg.wordpress.com - I blog about networks!
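
The comparison suggested in the replies above (a port known to work versus port 8085, tested from a host outside the firewalls), as an added example that is not part of any poster's reply. The host address and the known-good port 80 are placeholders; run it against your own server from an outside machine.

```python
import errno
import socket
import sys

def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and classify how it ended."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"            # three-way handshake completed
    except socket.timeout:
        return "timeout"             # neither SYN/ACK nor RST came back
    except ConnectionRefusedError:
        return "refused"             # a RST came back
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"     # ICMP unreachable or no route
        return "error"

def interpret(baseline, target):
    """Turn the two outcomes into a statement about where to look next."""
    if baseline != "open":
        return "baseline port failed too: fix the test path or host before blaming one port"
    verdicts = {
        "open": "target port reachable end to end",
        "refused": "RST returned: no listener on that address, or a device rejects actively",
        "timeout": "SYN or reply silently dropped: packet filter in the path or on the host",
        "unreachable": "ICMP unreachable returned by a router or firewall",
    }
    return verdicts.get(target, "inconclusive: resolve the local error and retry")

if __name__ == "__main__":
    # Placeholders (assumed): 192.0.2.10 is a documentation address, 80 a known-good port.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    good_port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    test_port = int(sys.argv[3]) if len(sys.argv) > 3 else 8085
    base, target = probe(host, good_port), probe(host, test_port)
    print(f"{host}:{good_port} -> {base}")
    print(f"{host}:{test_port} -> {target}")
    print(interpret(base, target))
```

A timeout on 8085 alone does not say which device drops the traffic. Pair the probe with a capture on the server or a mirrored switch port, as suggested above: if the SYN never appears there, the drop is upstream of the server.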
