Guest

Cisco ONS 15300 Series

CTC Issue with Internet Connection Firewall on Windows XP

Document ID: 65052

Updated: Dec 01, 2005

   Print

Introduction

This document describes one reason why the Cisco Transport Controller (CTC) frequently loses connection with the Network Element (NE), and provides a solution.

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

  • Cisco ONS 15454

  • CTC

  • Microsoft Windows XP Internet Connection Firewall (ICF)

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco ONS 15454

  • CTC

  • Microsoft Windows XP

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Background Information

A firewall is a security system that acts as a protective boundary around a network. Windows XP includes Internet Connection Firewall (ICF) software. You can use ICF to restrict the information communicated between the Internet and the internal network. ICF also protects a single computer that is connected to the Internet through a cable modem, a DSL modem, or a dial-up modem.

Problem

CTC frequently loses connections to one or more NEs, and a CTC alert message that states, "Lost Connection" appears (see Figure 1). Usually, the connection recovers within one to two minutes. However, any unsaved tasks before the disconnection are lost.

Figure 1 – CTC Alerts: Lost Connection Error

ctc-firewall-xp_01.gif

Examine the corresponding ICF security log file, and identify packet dropss between CTC and NE. The name of the default ICF security log file is pfirewall.log. This log file resides in the C:\windows directory by default.

2005-05-24 11:21:52 DROP TCP 172.16.105.216 172.18.3.144
 1392 1060 60 S 864357245 0 8192
- - -  RECEIVE
 2005-05-24 11:21:55 DROP TCP 172.16.105.211
 172.18.3.144 2494 1060 60 S 816386595 0 8192
- - - RECEIVE2005-05-24 11:21:55 DROP TCP 172.16.105.213
 172.18.3.144 3596 1060 60 S 2821416302 0 8192
- - - RECEIVE

Cause

This problem occurs due to an issue with the Windows XP ICF configuration. If ICF is enabled on a LAN connection with other computers, ICF blocks file and printer sharing. This is the root cause of the issue, and this message appears when ICF is enabled:

The ICF on CTC is enabled

Solution

You must disable ICF in order to solve the problem.

Complete these steps in order to disable ICF:

Note: You require Administrator privileges to perform these steps.

  1. Select Start > Settings > Control Panel.

  2. Double-click Network Connection.

    Figure 2 – Network Connection

    ctc-firewall-xp_02.gif

  3. Select Local Area Network, or High–Speed Internet, on the basis of whichever connection requires protection.

    Figure 3 – Network Tasks: Select LAN or High-Speed Internet

    ctc-firewall-xp_03.gif

  4. Check the Change settings for this connection check box in the Network Tasks option list.

    Figure 4 – Network Tasks: Change Settings for this Connection

    ctc-firewall-xp_04.gif

  5. Right-click Local Area Connection, and select Properties.

    Figure 5 – Network Tasks: Properties

    ctc-firewall-xp_05.gif

  6. Click the Advanced tab in the Local Area Connection Properties dialog box.

    Figure 6 – Local Area Connection Properties

    ctc-firewall-xp_06.gif

  7. Clear the Protect my computer and network by limiting or preventing access to this computer from the Internet check box in the Advanced tab Internet Connection Firewall area in order to disable ICF.

    After you disable ICF, CTC no longer loses connectivity, and works properly.

Related Information

Updated: Dec 01, 2005
Document ID: 65052