What's new
By:
Filters
ClioSport.net

Register a free account today to become a member!
Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

  • When you purchase through links on our site, we may earn an affiliate commission. Read more here.

Network Puzzle! HELP! Complicated



L

Longy

  Fiesta ST
3450065875_8d69737b72_o.png


Ok I’ve got a serious network problem with a couple of sites and I’m scratching my head a little on this one.


We remote administer a lot of Telephone Systems using a programming tool that connects over the internet via IP. We also configure the routers (if we install them) remotely.

Now I’ve installed the routers in Site A and Site B and the phone guys have put in the phone system in Site A and B. We will be linking the two site’s phone systems with ADSL and a proprietor protocol.

Site B is a long way away so everything I do is remote on it, but Site A isn’t far away to go to if I have to.

The Good:

Me with my laptop can connect from Site A to Site B’s router no problem to configure it.

Me with my laptop can connect from Site A to Site B’s phone system with the prog. tool no problem.

Me with my laptop can connect from the office/Eng/Test network (or anywhere with a net connection) to both Site A and Site B’s router and phone system.

GREAT!

The Bad:

Telecom Guys (x 3 different laptops) can’t connect to Site B’s router or phone system from Site A or from our own Engineering Network.

BUT they can from the office network and test network!!!!!!!!!!!!!!!

All Telecom guys laptops CAN connect to Site A’s router and phone system though from anywhere.

Also the desktop PC’s in the engineering network can’t connect to Site B but can to Site A.

Engineers need to connect from site A to Site B’s router and phone system.

We are connecting to the routers via HTTP, Firewalls are switched off, static ip's on all wan ports. It also looks like they can telnet into both routers from anywhere.

Help please if you can….
 
Last edited:
KDF

KDF

  Audi TT Stronic
Start with some simple network diagnostics.. simple things like tracert/ping can tell you where the packets are being stopped and then you will know where to look.

Unfortunately without a full topology and router configs I can't really help you further.
 
L

Longy

  Fiesta ST
KDF said:
Start with some simple network diagnostics.. simple things like tracert/ping can tell you where the packets are being stopped and then you will know where to look.

Unfortunately without a full topology and router configs I can't really help you further.
Click to expand...

everything can be pinged etc routers haven't really got much set except the one NAT route for a secific port for the phone system. All security features are off for now and the phone system is the only thing behind the router. i'll try and get a wireshark trace off the problem laptops and see from there.
 
A

Andy8CH

ClioSport Club Member
  Clio 172 Mk2
Erm, might be me being stupid or reading the diagram wrong - but the IP addresses on the phone systems in site A and site B are the same?? 192.168.1.190 ?
I realise that this *shouldn't* cause a problem if you address them by the WAN IP's and then it's NAT'd to the boxes, but if the proprietry software uses the internal IP address for ID then I can see why it might cause a problem.
If they are the same surely the first step would be to change the IP's and ranges on one of the sites first? Probably site A as if you screw it up you don't have to drive miles to fix it!
 
L

Longy

  Fiesta ST
Andy8CH said:
Erm, might be me being stupid or reading the diagram wrong - but the IP addresses on the phone systems in site A and site B are the same?? 192.168.1.190 ?
I realise that this *shouldn't* cause a problem if you address them by the WAN IP's and then it's NAT'd to the boxes, but if the proprietry software uses the internal IP address for ID then I can see why it might cause a problem.
If they are the same surely the first step would be to change the IP's and ranges on one of the sites first? Probably site A as if you screw it up you don't have to drive miles to fix it!
Click to expand...

Aye see where your coming from buddy - but my laptop connects fine though? also we can't connect to the router's WAN address to configure the router so the other lan ip shouldn't come into play.
 
L

Longy

  Fiesta ST
ok working with my laptop and a desktop machine in the engineering network I can connect to Site B's router and the desktop can't.

The desktop can ping the router, the desktop can access the router via telnet, tracert is fine. Just won't load the http page at all.
 
ChrisR

ChrisR

ClioSport Club Member
Any kind of mac filtering/ip filtering (although both machines will be connecting using the same public ip so shouldn't be that) set on the zyxel routers that only allows your machine? :/ Clutching at straws I know...

Any remote admin settings on the router that can restrict access in some way?

Which Zyxel model is it as I've got a 660 here..
 
L

Longy

  Fiesta ST
CRunchie said:
Any kind of mac filtering/ip filtering (although both machines will be connecting using the same public ip so shouldn't be that) set on the zyxel routers that only allows your machine? :/ Clutching at straws I know...

Any remote admin settings on the router that can restrict access in some way?

Which Zyxel model is it as I've got a 660 here..
Click to expand...

Aye m8 - remote management over HTTP is set to allow all - so no filtering at all.

I got 2 x P-662H-D1

The odd thing I have noticed is that the ATM loop back test passes on site A but fails on site B - but I pursume thats because the Site B exchange is on the new 21cen.
 
Last edited:
ChrisR

ChrisR

ClioSport Club Member
Anything set on the firewall on the routers that could block certain things, although again if it's all coming from the same ip it shouldn't matter :/
 
L

Longy

  Fiesta ST
Firewalls off - if you get both login screens for site A and B then it must be working, the problem is only with site B and the webpage just hangs trying to load it from site A or from engineering network.
 
ChrisR

ChrisR

ClioSport Club Member
Out of interest what's the internal ip range of the engineers network? Although it shouldn't matter if the internal ranges are the same as it's not like you're vpn'ing between the sites, in effect they are totally seperate entities.
 
L

Longy

  Fiesta ST
Engineering Network is 192.168.0.0 then routed through to 192.168.1.0 to the gateway of 192.168.1.254. Plug my laptop into engineering network and it works still. No proxy server involved.
 
L

Longy

  Fiesta ST
ok heres a server on the Engineering Network that is a router. My laptop uses this to route out to the internet and connects to both site's. Yet the server itself can't load site B but can site A.

Site A:

3451431786_6ca3977139_o.png


Site B:

3451431866_1f212248a1_o.png

Stays like this forever on all laptop and PC's behind the server except my laptop.
 
ChrisR

ChrisR

ClioSport Club Member
if you run an ipconfig /all on your machine then one of the ones that doesn't work is there anything obvious that's different? Your on the same subnet mask, same dns/gateway etc?

I hate this sort of problem, so frustrating :)
 
L

Longy

  Fiesta ST
CRunchie said:
if you run an ipconfig /all on your machine then one of the ones that doesn't work is there anything obvious that's different? Your on the same subnet mask, same dns/gateway etc?

I hate this sort of problem, so frustrating :)
Click to expand...

Yeah all correct that server I posted the screenshot of is our DHCP server also and my lappy is set as DHCP client.

Such a strange error - seems no way to track it down.

Maybe a faulty router in Site B or a possible ADSL2 problem.
 
L

Longy

  Fiesta ST
Thing is - Site A is just a router with nothing else on it except a laptop plugged into it - yet that can't access site b
 
L

Longy

  Fiesta ST
This a wireshark trace of the connection between server connection to Site A and B

Site B: this is the only data in the trace when trying to load the login page on the router.

3450675995_0291700905_o.png


Site A: this is the data in the trace with a successful connection to Site A - notice this trace shows its loaded a lot more packets - couldn't fit them all in the screenshot.

3451493100_9be26bce85_o.png


192.168.1.10 being the server.
 
KDF

KDF

  Audi TT Stronic
A few things.

What is 192.168.1.180 and why does you netgear router keep sending out ARP requests for it ? Check the ARP tables on the router to make sure everything looks right ! remember to send a few pings so that the arp tables are filled.

At site b the last communication is an ACK packet sent (presumably as IP is blanked) to site A's NAT.. another ARP request and then nothing, run it a couple times to make sure you get consistent results.

What protocol is lyskom ? what port ? never heard of it before.. because whatever it is it communications cease just before that point ?
 
L

Longy

  Fiesta ST
KDF said:
A few things.

What is 192.168.1.180 and why does you netgear router keep sending out ARP requests for it ? Check the ARP tables on the router to make sure everything looks right ! remember to send a few pings so that the arp tables are filled.

At site b the last communication is an ACK packet sent (presumably as IP is blanked) to site A's NAT.. another ARP request and then nothing, run it a couple times to make sure you get consistent results.

What protocol is lyskom ? what port ? never heard of it before.. because whatever it is it communications cease just before that point ?
Click to expand...

192.168.1.180 is our Phone system on the engineer network - it uses a voicemail server behind the router server. The netgear you see is our switch - as our router is the zyxel of 192.168.1.254.

The lyskom is part of zyxel login page (auth kinda of thing i think).

Everything in Site A wireshark screenshot is correct (This is from our engineering network to Site A)

It's Site B that's cut short and stalls for no reason I can see (This is from our engineering network to site B).
 
KDF

KDF

  Audi TT Stronic
You need to look at the routing of packets on your network. Somwhere along the line return packets are either not being sent or are being blocked to certain addresses.

check your routing tables etc.

Just checked again. I now can load site b. Looks like its an intermittent problem.
 
M

MickM

  A3 1.8T
Haven't read the hwole thread but have you enabled ip loopback on the router, the Zyxel's often have this disabled:

Telnet to the router and enter administrative password
Go to menu 24 and then 8
Type the command: ip nat loopback on
Type “exit” and then 99 to quit

Bear in mind that when the router is rebooted the setting will disable again.

i may be barking up the wrong tree though!
 
L

Longy

  Fiesta ST
KDF said:
Ah, what size MTU did you have set that was causing the problem ?
Click to expand...

I reckon most stuff was between 1450-1500 (including routers & laptops) and I noticed my laptop was set at the low 1400's so I did a ping fragmenation test to find the opitmal value of 1435 - anything after that and the device wouldn't reply to the ping request. MTU has never been a issue before? Site B is on BT's new 21Cen network so maybe that could be the issue.
 
You must log in or register to reply here.

Similar threads

Donny_Dog
The 'I work in I.T' thread
6 7 8
Replies
314
Views
13K
boultonn
boultonn
P
Injectors popping out of block and fuel rail
Replies
1
Views
224
Yarp
Yarp
Oggy997
SQL Help
Replies
8
Views
418
Ol’ Tarby
Ol’ Tarby
G. Brzęczyszczykiewicz
Relocate fibre broadband
Replies
14
Views
789
R3k1355
R3k1355
M
Best way to get best price on S23 Ultra? Existing Network being annoying..
Replies
26
Views
1K
Oggy997
Oggy997


Top