Why does a TCP connection fail to be established even if ping succeeds


To establish a TCP connection, the server must have a Listening port and the client must initiate a TCP connection. Run the display tcp status command to check whether a Listening port is configured on the server and the client initiates a TCP connection.

Other related questions:
Why does the TCP connection fail even if the server and client both initiate a TCP connection
LDP sessions are established based on TCP connections using MD5 authentication. The TCP connection cannot be established, if one end is configured with MD5 authentication while the other end is not, or the MD5 passwords on the two ends are different. If MD5 cipher text authentication is proprietary on other vendors' devices, Huawei devices cannot set up a TCP connection with these devices.

Why does not a client initiate a TCP connection
The prerequisite for a client to initiate a TCP connection is: The client receives a Hello message from the peer end and finds itself the destination client based on the transport address carried in the Hello message. If the client does not initiate a TCP connection, check the Hello message receiving and transport address in the received Hello message.

Why cannot an LSP session become Up after a TCP connection is established
After a TCP connection is established, the two ends of the TCP connection negotiate parameters such as label distribution mode (DU or DoD). If negotiation fails, the LSP session cannot become Up.

Why data packets do not pass the IPSec tunnel
Service packets fail to be transmitted after an IPSec tunnel is successfully established. To troubleshoot this fault, perform the following operations: 1. Check whether data packets match any ACL rule. 2. If NAT is configured on an interface, the matching ACL rule must deny data flows protected by IPSec. After confirming that the ACL rule is correctly configured, enable IPSec. 3. If SHA2 authentication is used, configure the ipsec authentication sha2 compatible enable command. 4. Check that the route configuration is correct. 5. Check that data packets can reach the AR router.

Problem and solution when BGP peer cannot be established
The BGP peer establishment on the firewall needs to use port 179 to establish TCP sessions and requires that OPEN messages be properly exchanged. Perform as follows to rectify the issue: 1. Check whether the AS number and IP address among peers are correct by using the display bgp peer command. 2. Check whether the router IDs configured on both BGP peers are conflicting by using the display bgp peer command. 3. If the loopback interface is used, check whether the peer connect-interface command is configured to specify the loopback interface as the source interface for sending BGP packets. 4. If EBGP neighbors are not directly connected to the physical layer, check whether the peer ebgp-max-hop command is configured. 5. Check whether there are available routes to the peer in the routing table. 6. Check whether there are reachable routes to the specified connect-interface by using the ping -a source-ip-address host-address command. 7. Check whether the ACL that is used to disable TCP port 179 is configured.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top