4059IP gives L3 open error while oxe connected behind firewall and DMZ switch

[gulu]

Hi All,
I have been facing an issue to make 4059 IP in service when the oxe is connected behind a firewall and a DMZ switch . Error is" L3OPEN,I2 protocol init fail" . However it works fine as soon as oxe not behind firewall and DMZ switch. (attaching working and non working topology for better understanding)

Firewall team says that they have opened all the ports in bi-directional mode , in my wireshark trace taken from 4059 pc i can see TFTP request is not getting complete (wireshark screen shot is attached) hence it is not moving to UDP for further communication.

OXE r 9.0 , 4059ip R 5.5.3 , appreciate your inputs.

[bjin]

Hi there,

Abcacom (which handles all OXE/Abc-a traffic ) first need to ask OXE on which udp port to listen for inbound abc-a messages.
In order to do this TFTP is used, where a "file" (not really a physical file...) is downloaded containing only the port number ( OXE Base Port + 8 )
OXE Base Port is configurable in OXE and is usually either 32000 or 32512, yielding 32008 or 32520 for abc-a.
Abcacom then start listening for inbound abc-a on this port.
This setup is obviously a nightmare from a firewall point of view, but hey, that's the way it works.
Make sure to add abcacom.exe to communicate thru the firewall using both TFTP and ABC-A.

/B

[lobhugo]

Hi gulu, were you able to resolve this problem. If so, what was the resolution?