JTAPI + UDP = ICMP Port Unreachable
Hi,
We're writing an IVR application which registers itself as a CTI Route Point. This CTI RP has one line, 2000, which receives the external call (PSTN) from a voice gateway. A customer calls an 0800 number, and the call then flows through PSTN->E1->Gateway->CallManager (2000)->CTI RP.
JTAPI triggers an incoming call event (TermConnRingingEv), I answer this call (terminalConnection.answer()), I receive a TermEv event (CiscoRTPOutputStartedEv), get the remote address and port by rtpOutStarted.getRTPOutputProperties() (getRemoteAddress and getRemotePort properties) and start sending RTP audio (CiscoRTPPayload.G711ULAW64K, 160).
Here begin my problems. Testing this scenario with internal calls only, it was 100% perfect! But using external calls (E1->gateway), getRemoteAddress always answers the same IP address (of course, the gateway address). But each time there's a different port, one for each call. Usually we have success and the audio comes to the final destination: the mobile phone on the PSTN; but sometimes the DatagramSocket.send(DatagramPacket) method throws the exception "ICMP Port Unreachable" and the call remains active but mute.
There's no pattern for this problem, sometimes it works, sometimes it doesn't.
Our CUCM version is 7.1, there's no Unity or IPCC on environment, just CallManager, Gateway and application.
StackTrace:
java.net.PortUnreachableException: ICMP Port Unreachable
at java.net.PlainDatagramSocketImpl.send(Native Method)
at java.net.DatagramSocket.send(DatagramSocket.java:612)
Thanx!
It means there is no UDP connectivity between whatever host gets the exception and whatever host that socket is connected to. Typically a firewall problem.
The addresses of 0.0.0.0 just mean that the socket is bound to all interfaces, it's not a problem.
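An added example (not code from the thread) showing why a UDP sender in Java can see "ICMP Port Unreachable" at all: the error is only reported to the application on a socket that has been connect()ed, and it arrives on a later send() or receive(), not on the datagram that triggered it. The class and method names are made up for the illustration, loopback stands in for the gateway, and the 160-byte payload mirrors the frame size in the post.

```java
import java.io.IOException;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.net.InetAddress;
import java.net.PortUnreachableException;
import java.net.SocketTimeoutException;

/** Illustration only: compares an unconnected and a connected DatagramSocket. */
public class UdpPortUnreachableDemo {

    // 160 bytes, the payload size used in the post (content is irrelevant here).
    private static final byte[] FRAME = new byte[160];

    /** Returns a loopback UDP port with no listener: bind to a free port, then close it. */
    static int findClosedPort(InetAddress host) throws IOException {
        try (DatagramSocket probe = new DatagramSocket(0, host)) {
            return probe.getLocalPort();
        }
    }

    /** Sends a few frames, then attempts one receive; reports what the application saw. */
    static String sendFrames(DatagramSocket socket, InetAddress host, int port)
            throws IOException, InterruptedException {
        socket.setSoTimeout(300);
        for (int i = 1; i <= 5; i++) {
            try {
                socket.send(new DatagramPacket(FRAME, FRAME.length, host, port));
            } catch (PortUnreachableException e) {
                // The ICMP error belongs to an EARLIER datagram; the OS stored it
                // on the connected socket and reports it on this call.
                return "send #" + i + " threw PortUnreachableException";
            }
            Thread.sleep(20); // give the ICMP reply time to come back
        }
        try {
            socket.receive(new DatagramPacket(new byte[FRAME.length], FRAME.length));
            return "received a datagram";
        } catch (PortUnreachableException e) {
            return "receive threw PortUnreachableException";
        } catch (SocketTimeoutException e) {
            return "no error reported (receive timed out)";
        }
    }

    public static void main(String[] args) throws Exception {
        InetAddress host = InetAddress.getLoopbackAddress();
        // Create both senders first so neither can be given the probe's port.
        try (DatagramSocket unconnected = new DatagramSocket();
             DatagramSocket connected = new DatagramSocket()) {
            int port = findClosedPort(host);

            // Unconnected: the OS has no single peer to attribute the ICMP error to.
            System.out.println("unconnected: " + sendFrames(unconnected, host, port));

            // Connected: ICMP errors from the peer are queued on the socket.
            connected.connect(host, port);
            System.out.println("connected:   " + sendFrames(connected, host, port));
        }
    }
}
```

The Javadoc for DatagramSocket.send states that PortUnreachableException may be thrown if the socket is connected to a currently unreachable destination and that there is no guarantee it will be thrown, so the exact call that reports the error depends on the operating system and timing.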
Similar Messages
-
Can someone clarify what the exception java.net.PortUnreachableException: ICMP Port Unreachable indicates (aside from the obvious)? Here is the scenario: using UDP I have a client application, a gateway application, and a server application. The client sends to the server through the gateway and vice versa. I have created 2 sockets, one between the client and the gateway and one between the gateway and the server. When I try to send from the gateway to the client the packet never makes it to the client (server side is fine). When I call sock.getLocalSocketAddress and sock.getRemoteSocketAddress both are 0.0.0.0 (the latter at least has the right port number). The gateway acts as a server for the client and as a client to the server. I tried to fix this using sock.connect on the gateway side for the client facing socket but this eventually generates the ICMP port unreachable exception on the gateway side when receiving from the client.
Thank you in advance.
It means there is no UDP connectivity between whatever host gets the exception and whatever host that socket is connected to. Typically a firewall problem.
The addresses of 0.0.0.0 just mean that the socket is bound to all interfaces, it's not a problem. -
Ping return a lot of "ICMP Port Unreachable from gateway"
hi all,
I keep getting many "ICMP Port unreachable" messages while I ping a host that is within the same subnet. Both servers are running Solaris 10 U6. Is there any wrong configuration of IPMP?
PING rac-dbs-a2: 1024 data bytes
1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=0. time=0.830 ms
1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=1. time=0.608 ms
1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=2. time=0.547 ms
1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=3. time=0.611 ms
1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=4. time=0.543 ms
1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=5. time=0.616 ms
1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=6. time=0.663 ms
1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=7. time=0.596 ms
1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=8. time=0.672 ms
ICMP Port Unreachable from gateway rac-dbs-a2 (10.1.3.27)
for udp from rac-dbs-c2 (10.1.3.36) to rac-dbs-a2 (10.1.3.27) port 37833
1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=9. time=0.582 ms
----rac-dbs-a2 PING Statistics----
10 packets transmitted, 10 packets received, 0% packet loss
round-trip (ms) min/avg/max/stddev = 0.543/0.6268/0.830/0.0828
ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
bge0: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 2
inet 192.168.1.27 netmask ffffff00 broadcast 192.168.1.255
groupname internal-multipath
bge0:1: flags=201040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,CoS> mtu 1500 index 2
inet 192.168.1.37 netmask ffffff00 broadcast 192.168.1.255
bge1: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 3
inet 172.22.100.27 netmask ffffff00 broadcast 172.22.100.255
groupname smtm-multipath
bge2: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 4
inet 10.1.4.27 netmask ffffff00 broadcast 10.1.4.255
groupname crf-multipath
bge2:1: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 4
inet 0.0.0.0 netmask ff000000 broadcast 0.255.255.255
bge3: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 5
inet 10.1.3.27 netmask ffffff00 broadcast 10.1.3.255
groupname rac-multipath
bge3:1: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 5
inet 0.0.0.0 netmask ff000000 broadcast 0.255.255.255
ce0: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 6
inet 0.0.0.0 netmask ff000000 broadcast 0.255.255.255
groupname internal-multipath
ce1: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 7
inet 0.0.0.0 netmask ff000000 broadcast 0.255.255.255
groupname smtm-multipath
ce2: flags=249000842<BROADCAST,RUNNING,MULTICAST,IPv4,NOFAILOVER,INACTIVE,CoS> mtu 0 index 8
inet 0.0.0.0 netmask 0
groupname crf-multipath
ce3: flags=249000842<BROADCAST,RUNNING,MULTICAST,IPv4,NOFAILOVER,INACTIVE,CoS> mtu 0 index 9
inet 0.0.0.0 netmask 0
groupname rac-multipath
Edited by: hello78 on May 11, 2009 9:02 PM
This isn't a Java question. Try the Solaris forum.
-
Can PIX 506e return port unreachable
Hello
Can PIX 506e return ICMP port unreachable on a Linux traceroute with a UDP datagram, and if somebody knows how, can you make an example of the access-list, how it should be written to allow this response?
PIX won't return an ICMP port unreachable message, and access lists cannot be configured to make PIX respond with a port unreachable.
-
SIP/JSR180: Register Response lost as host throw ICMP message: Port Unreach
Hi All,
I am trying to create a VoIP application using JSR 180 for mobile device using Java Wireless toolkit.
My VoIP application is trying to register an IMS core network.
I am using J2ME emulator to develop/test the application.
My application is correctly sending REGISTER request to IMS core and wireshark shows that IMS core sends correct 200 OK for REGISTER request.
My application is sending the REGISTER request from a dynamically selected port (eg. 3456) to 5060 to my proxy and the response 200 OK is coming to the same port, but my host system throws ICMP message quoting "Port Unreachable".
I guess, the UDP port (3654), is closed as soon as the REGISTER request is sent to the network from the J2ME environment.
Is there any need for some special setting/configuration so that the port is not closed.
Please help.
Regards,
Shiv
Sorry I have the lines:
sipConnection.initRequest("REGISTER", sipNotifier);
and not
sipConnection.initRequest("REGISTER", null);
in my code... the code in the previous post has that error, but also with sipNotifier it doesn't work due to the same problem. -
Udp client: destination port unreachable question
Hello,
I used the "trivial" UDPClient / Server example to send datagrams from one local interface (eth1) on my Linux box to a Datagram server on the host not included in the local routing table, and I tried to capture outgoing UDP traffic on interface eth1. I've got an IOException "ICMP: destination unreachable" and I could only capture outgoing packets on the loopback interface (with Ethereal). Can someone help to resolve my confusion: I thought UDP is "connectionless", e.g. will be sent regardless. What does ICMP have to do with it and why does this traffic appear on the loopback interface?
Thank you,
If you are using a specific destination it still has to route.
-
PXE DHCP ICMP:Destination Unreachable Message
Hi
I have a question regarding PXE and DHCP. Is it possible to ping a machine which is in PXE boot with a DHCP address and able to access my SCCM server? Unfortunately I cannot ping the machine, and in the network traffic I see:
12913 17:00:17 01.04.2015 759.8323064 SRV-SCCMDP-501 <00> 172.16.10.66 ICMP ICMP:Destination Unreachable Message, Port Unreachable, 172.16.8.38:69 {IPv4:228}
No firewall between the machines and is the same subnet.
Thank you in Advance
Hi Torsten
Thank you for your reply. I'm in hardware pxe, so no firewall is active.
Here is the network traffic:
1525597 11:55:38 02.04.2015 68880.5266514 172.16.10.25 SRV-SCCMDP-501 TFTP TFTP: Read Request - File: SMSBoot\x64\wdsnbp.com, Transfer Mode: octet tsize: 0 {UDP:1483, IPv4:1477}
1525598 11:55:38 02.04.2015 68880.5266948 SRV-SCCMDP-501 172.16.10.25 ICMP ICMP:Destination Unreachable Message, Port Unreachable, 172.16.8.38:69 {IPv4:1477}
1525701 11:55:44 02.04.2015 68886.5143787 172.16.10.25 SRV-SCCMDP-501 TFTP TFTP: Read Request - File: SMSBoot\x64\wdsnbp.com, Transfer Mode: octet tsize: 0 {UDP:1488, IPv4:1477}
1525702 11:55:44 02.04.2015 68886.5144115 SRV-SCCMDP-501 172.16.10.25 ICMP ICMP:Destination Unreachable Message, Port Unreachable, 172.16.8.38:69 {IPv4:1477}
I'm lost.... -
Can ACE 4710 send ICMP-dest-unreachable?
Dear Community!
We have previously configured an ACE context for implementing redundant corporate DNS service and are now testing a transparent ACE context and HA configuration. One virtual-IP is configured for UDP/53, listening for DNS requests. Behind the VIP, there are 3 DNS servers. As the next step of our testing process, we have shut down all real-server instances behind the virtual-IP while inspecting the DNS clients' behaviour. Besides, the DNS clients requesting the virtual-IP DNS service need an ICMP-destination-unreachable packet to switch over to the secondary DNS server.
Can ACE 4710 send ICMP-dest-unreachable?
Thanks in advance!
Regards,
Belabacsi
from Hungary
Unfortunately the 4710 does not send icmp unreachable when a vserver is down.
If you have backup dns service, you can configure it on ace itself.
Gilles. -
New Install - ICMP Host Unreachable from gateway
Hi team,
I'm configuring a new solaris x86 box for the first time in a long time and I'm running into a problem that has me stumped.
I just installed Solaris 10 v7 on a P4 Dell box with an intel pro1000 adapter loaded.
Installed using ZFS and install went well. I set a static IP of 192.168.1.70 on a proper 192.168.1.x lan.
After install, everything seems to work fine but cannot ping a FQDN such as www.google.com, etc.
at first, I tried to join a local domain - maxximgroup.com and my computer name is set to sunzilla.
Here's my network config files;
sunzilla is set up with static IP = 192.168.1.70
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.70 netmask ffffff00 broadcast 192.168.1.255
ether 0:1b:21:27:56:2c
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
inet6 ::1/128
e1000g0: flags=2004841<UP,RUNNING,MULTICAST,DHCP,IPv6> mtu 1500 index 2
inet6 fe80::21b:21ff:fe27:562c/10
ether 0:1b:21:27:56:2c
And /etc/hosts shows host name sunzilla associated w/ 192.168.1.70...
# cat /etc/hosts
# Internet host table
::1 localhost
127.0.0.1 localhost
192.168.1.70 sunzilla loghost
And my resolv.conf file shows my internal DNS routers as well as a 3rd I added (4.2.2.2) just in case...
# cat /etc/resolv.conf
domain maxximgroup.com
nameserver 192.168.1.20
nameserver 192.168.1.22
nameserver 4.2.2.2
search maxximgroup.com
I noticed the /etc/defaultrouter file was MISSING... so I created one pointing to my router...
# cat /etc/defaultrouter
192.168.1.1
And finally, I checked the /etc/nsswitch.conf file and it does indeed show hosts & ipnodes --> files & dns ...
# cat /etc/nsswitch.conf
# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
# /etc/nsswitch.dns:
# An example file that could be copied over to /etc/nsswitch.conf; it uses
# DNS for hosts lookups, otherwise it does not use any other naming service.
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
# DNS service expects that an instance of svc:/network/dns/client be
# enabled and online.
passwd: files
group: files
# You must also set up the /etc/resolv.conf file for DNS name
# server lookup. See resolv.conf(4).
hosts: files dns
# Note that IPv4 addresses are searched for in all of the ipnodes databases
# before searching the hosts databases.
ipnodes: files dns
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
# At present there isn't a 'files' backend for netgroup; the system will
# figure it out pretty quickly, and won't use netgroups at all.
netgroup: files
automount: files
aliases: files
services: files
printers: user files
auth_attr: files
prof_attr: files
project: files
tnrhtp: files
tnrhdb: files
I can ping local IP addresses ...
# ping 192.168.1.1
192.168.1.1 is alive
But not external addresses ...
# ping 67.15.211.8
ICMP Host Unreachable from gateway sunzilla (192.168.1.70)
for icmp from sunzilla (192.168.1.70) to ns1.siteground168.com (67.15.211.8)
ICMP Host Unreachable from gateway sunzilla (192.168.1.70)
for icmp from sunzilla (192.168.1.70) to ns1.siteground168.com (67.15.211.8)
ICMP Host Unreachable from gateway sunzilla (192.168.1.70)
for icmp from sunzilla (192.168.1.70) to ns1.siteground168.com (67.15.211.8)
ICMP Host Unreachable from gateway sunzilla (192.168.1.70)
for icmp from sunzilla (192.168.1.70) to ns1.siteground168.com (67.15.211.8)
^C#
and naturally, I can ping a FQDN either (confirmed to be pingable on a computer on the same lan) ...
# ping mycloud.local
ping: unknown host mycloud.local
Can anyone provide some guidance pls?
Thanks Robert. You were absolutely on the right track. It turns out that in my "rush" to get my new ZFS "toy" up and running, during the install, I gave Solaris a static address but told it to automatically find the gateway. Oops! When Solaris 10 installed, it correctly decided that since it had a static IP, it should assign the gateway as itself! So, naturally, when I ran netstat -m, it showed my gateway as myself! 192.168.1.70 sunzilla.
I'm used to running Solaris on a Sparc platform and I'm a bit uncomfortable with reboots and I figured there would surely be a network restart command somewhere. After finding out that things have now changed in Solaris 10 quite a bit from Solaris 8, I just decided to init 6.
After the system came up, everything was happy : -)
So again, thanks to Robert for helping save the day! -
Is it dangerous if I expose UDP 1434 port of SQL 2008R2 server in Azure VM to the Internet ?
I am setting up client/server Application running on SQL2008 server on Azure VM.
Is it dangerous if I expose UDP 1434 port of SQL 2008R2 server in Azure VM to the Internet?
I do not get your answer exactly, but you mean "That is a much bigger issue from a security perspective." this is dangerous to expose SQL server connection port to the Internet?
Application uses named SQL instance , so it needs UDP 1434 port to connect to SQL server.
Exposing any server to a network is dangerous. Exposing a server to the public internet is more risky than connecting to a private network. You cannot eliminate risk but it can be mitigated.
An inherent risk with exposing the SQL Server port is that any client with network connectivity can then try to compromise security, commonly with a dictionary attack. A malicious user can then gain access to the database limited only by the compromised account security context.
There are several steps you can take to mitigate this risk. To name a few, allow only trusted IP addresses through the firewall. Run only those services actually needed. Expose only those ports needed. Rename the sa login.
Assign strong passwords to all accounts. Keep all software up-to-date with security patches. Use a service layer to access database services instead of directly from front-end clients.
In your case, you can hard-code the named instance port in connection strings instead of using the SQL Browser service. Your connection strings do not need to specify the instance name with this technique and UDP 1434 is not needed for connectivity.
Dan Guzman, SQL Server MVP, http://www.dbdelta.com -
ICMP Host Unreachable from gateway localhost (127.0.0.1)
I had a functional zone. But we had an outage and for some reason one of my zones is unreachable. Looks like the problem is that the default route has changed. How can I add a default route to a zone?
Thanks
Manish
--- global zone ---
-bash-3.00# zoneadm list -iv
ID NAME STATUS PATH BRAND IP
0 global running / native shared
2 www running /export/zones/www native shared
4 java running /export/zones/java native shared
--- zone java ---
-bash-3.00# ping 131.247.16.130
ICMP Host Unreachable from gateway localhost (127.0.0.1)
for icmp from localhost (127.0.0.1) to 131.247.16.130
ICMP Host Unreachable from gateway localhost (127.0.0.1)
for icmp from localhost (127.0.0.1) to 131.247.16.130
ICMP Host Unreachable from gateway localhost (127.0.0.1)
for icmp from localhost (127.0.0.1) to 131.247.16.130
-bash-3.00# ifconfig -a
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
bge0:3: flags=4001000842<BROADCAST,RUNNING,MULTICAST,IPv4,DUPLICATE> mtu 1500 index 2
inet 131.247.16.149 netmask ffffff80 broadcast 131.247.16.255
-bash-3.00# netstat -rn
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
127.0.0.1 127.0.0.1 UH 4 61 lo0:1
-bash-3.00# route add default 131.247.16.254
add net default: gateway 131.247.16.254: insufficient privileges
--- zone www ---
-bash-3.00# netstat -rn
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
default 131.247.16.254 UG 1 47
131.247.16.128 131.247.16.131 U 1 13 bge0:2
224.0.0.0 131.247.16.131 U 1 0 bge0:2
127.0.0.1 127.0.0.1 UH 4 108 lo0:2
ifconfig -a will show when you have a duplicated IP address.
It appears along with the text values for the interface flags, i.e.
host-u010|global$ ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
bge0: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 2
inet 10.236.93.156 netmask ffffffc0 broadcast 192.168.93.191
groupname data
host-u010|global$
You would see DUPLICATE or DUPLICATED in that field, and the flags would be different. Sorry, I don't have a duplicate IP situation going on right now, but my memory says it looked something like this:
host-u010|global$ ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
bge0: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,DUPLICATE> mtu 1500 index 2
inet 10.236.93.156 netmask ffffffc0 broadcast 192.168.93.191
groupname data
host-u010|global$
Cheers, -
Incoming RTP traffic blocked by SPA112 ATA: UDP port unreachable
Hi folks,
I'm using a Cisco SPA112 ATA behind a NAT, where port 5060,5061 and 16384-16482 are forwarded. Registration to the SIP proxy also works fine. However, I'm struggling with audio issues, meaning that the RTP session is not setup properly.
When investigating this issue at the packet-level, I found that the ATA itself is blocking traffic:
21:00:21.857655 IP 192.168.x.y > 82.197.a.b: ICMP 192.168.x.y udp port 16452 unreachable, length 208
The blocked port number depends per session, but is always between 16384 and 16482.
Actually, the issue sounds very much like in [1]. However, the proposed solution (disabling CDP) is not of any help to me, since it's disabled on my ATA by default. Any clue what could be the reason for this behaviour? Your help is greatly appreciated.
[1] https://supportforums.cisco.com/discussion/11470321/spa-962-intermittently-no-audio-rtp-port-closedunreachable
Hi,
You can try this packet Tracer:-
packet input outside udp <External Source Ip on the internet> 45657 <Outside interface IP> 43139 det
For the captures , you just need to verify that the ASA device is passing the traffic through as this is UDP traffic , we would not be able to find much.
For more information on captures:-
https://supportforums.cisco.com/document/69281/asa-using-packet-capture-troubleshoot-asa-firewall-configuration-and-scenarios
Let me know if you have any further queries.
Thanks and Regards,
Vibhor Amrodia -
Airplay disconnection: port unreachable
Hi,
I use my mac (on maverick) with an airplay speaker and I have a disconnection problem.
Sometime, the music is cut without specific reason. So I do some tests and I found some trails but I don't know how to resolve this.
If I play a mp3 320kb/s, it cut more often than a 128kb/s (it happens with 128kb/s notwithstanding).
So, the size of the music seems to play in my problem.
I run a tcpdump to see what happens when the music cut.
Here is when the music plays: 10.0.0.1 is my host. 10.0.0.3 is the speaker.
18:34:22.197963 IP 10.0.0.11.54966 > 10.0.0.3.opennl: UDP, length 1018
And when the music cuts:
18:34:54.294150 IP 10.0.0.11 > 10.0.0.3: ICMP 10.0.0.11 udp port 6002 unreachable, length 36
So, it seems the speaker is unreachable.
My question is why ? I don't understand why the speaker becomes unreachable sometime, never on the same times.
Thanks for your help.
AirPlay - What does this feature do with Airport Express? Can I send my presentation to Windows and Mac notebooks of the audiences provided they all use the wifi network of Airport Express?
AirPlay is a means to stream audio and video from an iTunes source to an AirPlay-enabled speaker: AirPort Express Base Station (AX), Apple TV, or another vendor's AirPlay-enabled device. Check out the following Apple Support article for details.
USB port - It mentions for printer only. How can a USB port be for printer only? I prefer using it with my portable hard disk in more practical conditions. Is it because it cannot provide sufficient power to run the hard disk? In this case, can I use a power adapter of the hard disk and connect the hard disk for accessing the data only?
The issue is not related to power. It is because Apple did not include a file server function with the AirPort Express, like it does with the 802.11n AirPort Extreme or Time Capsule. There is NO option to connect a USB HDD to the Express' USB port for sharing it out to network clients.
On the other hand, if you have an actual NAS device, it can be connected to the Express' LAN port and it can then be accessible from network clients. -
Is there a way to preserve the source port for UDP packets that use a PAT pool?
Here is what I need:
The client (1.1.1.1) sends a UDP packet from port 5060 to port 5060 on our external 2.2.2.2. This packet is port forwarded to our internal server 10.10.10.10 with the original source and destination port. The server then sends a UDP response to the client from port 5060 to port 5060. The server is in a PAT pool that only contains the address 2.2.2.2. The ASA changes the source port and our client ends up rejecting the packet because the source port is not what it expected.
How can I preserve the original source port when the packet goes through the PAT pool?
Thanks,
Steven
Hi,
Well, you could probably make this work for the outbound direction BUT in the inbound direction from the Internet I don't think there is really a way to use the same public IP address and public UDP port.
I mean, the ASA doesn't have any way to determine what traffic on destination port UDP5060 to destination IP 2.2.2.2 would have to be forwarded to which internal IP.
It would simply use the first rule matched always.
But as I said for the outbound direction it might work.
You would simply add another similar NAT statement with a different source object with a different source IP address. ASA would again accept the command but give a warning about rule overlap.
I guess the below added would work for the outbound direction IN THEORY
object network HOST-1
host 10.10.11.11
object network HOST-2
host 10.10.11.12
nat (inside,outside) source static HOST-1 interface service UDP5060 UDP5060
nat (inside,outside) source static HOST-2 interface service UDP5060 UDP5060
But not for inbound, though if I understood correctly, the inbound traffic should only even go to a single virtual IP
I would imagine this is as close as you can get to "implementing" something weird on the ASA
- Jouni -
RAC interconnect using UDP - default ports?
Is there a default port used by each cluster member to listen for connections over UDP? We use IPTABLES firewalls on our hosts, and I need to ensure the cluster heartbeat traffic gets through the firewall properly.
Thanks in advance.
Jeff
user2528460 wrote:
I understood the UDP ports that are going to be used on the interconnect (clearly without a firewall). Is there a set of default ports?
I did a quick count (using lsof to list UDP ports opened on the Interconnect interface) that showed over 185 UDP ports in use. E.g.
[root ~]# lsof -n -i | grep UDP | grep "10.0.1.1"
oracle 5577 oracle 10u IPv4 130938 UDP 10.0.1.1:22747
oracle 5577 oracle 15u IPv4 130941 UDP 10.0.1.1:64265
oracle 5579 oracle 10u IPv4 130948 UDP 10.0.1.1:39566
oracle 5579 oracle 15u IPv4 130951 UDP 10.0.1.1:55454
oracle 5579 oracle 21u IPv4 130970 UDP 10.0.1.1:27897
oracle 5581 oracle 10u IPv4 130973 UDP 10.0.1.1:14118
oracle 5581 oracle 15u IPv4 130976 UDP 10.0.1.1:13774
oracle 5583 oracle 10u IPv4 130983 UDP 10.0.1.1:33277
oracle 5583 oracle 15u IPv4 130986 UDP 10.0.1.1:6886
..snipped..
I would not be concerned about what ports are in use. The important decisions are do you use bonding for the Interconnect, do you use jumbo or super-jumbo frames (MTU sizes), and so on. The actual ports being used has no real bearing as firewalling is not applicable.