Hi, I have set up a complicated network as follows:
(SiteA)PIX506E ---> (SiteB)[PIX515E + Router1 ] ----> SiteC[Router2 + LAN ]
- SiteA + SiteB = VPN Tunnel
- SiteB + SiteC = Routable Traffic
- Traceroute and ping are working properly between the three sites.
- Domain names can be resolved between sites.
I found that some packets are lost (from SiteA --> SiteC), and the packets cannot be retransmitted; but the packets can be retransmitted between SiteA --> SiteB.
The captured packets are as follows:
- Packet can not be retransmitted ( SiteA -> SiteC ):
Source Destination Protocol information
172.27.29.80 172.28.0.99 SSLv2 Client Hello
172.28.0.99 172.27.29.80 SSL [TCP Previous segment lost] Continuation Data
172.27.29.80 172.28.0.99 TCP [TCP Dup ACK 178#1] 2161 > https [ACK] Seq=79 Ack=1 Win=65535 Len=0 SLE=1381 SRE=2223
172.28.0.99 172.27.29.80 TCP https > 2161 [RST, ACK] Seq=2223 Ack=79 Win=0 Len=0
- Packet can be retransmitted ( SiteA -> SiteB ):
172.27.29.80 172.27.1.13 TCP [TCP Dup ACK 215#1] 2223 > https [ACK] Seq=79 Ack=1 Win=65535 Len=0 SLE=1381 SRE=1548
172.27.1.13 172.27.29.80 SSLv3 [TCP Retransmission] Server Hello, Certificate[Unreassembled Packet]
172.27.29.80 172.27.1.13 TCP 2223 > https [ACK] Seq=79 Ack=1255 Win=64281 Len=0 SLE=1381 SRE=1548
172.27.1.13 172.27.29.80 SSLv3 [TCP Retransmission] Continuation Data, [Unreassembled Packet]
172.27.29.80 172.27.1.13 SSLv3 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
172.27.1.13 172.27.29.80 SSLv3 Change Cipher Spec, Encrypted Handshake Message
Does anybody have an idea what problem is happening in the network?
- The router blocks the packet transmission
- The firewall blocks the packet transmission
- The VPN tunnel blocks the packet transmission
- The MTU value between firewalls?
- The VPN configuration has a problem?
- Others
Thank you so much for your input. Benson