QuintusSmit
asked on
Firewall blocking vpn traffic
Hi
We have an intercampus VPN managed by a new company and we are in the process of migrating the current system to the new one.
My current system used an ipsec vpn between campuses and is a clearOS (centos) system. We had a server running the clearOS OS at every campus and then used the built in ipsec vpn to connect them.
The new system is managed by a 3rd party with cisco routers. Basically all campuses connect to the same network with the cisco routers and there is a single breakout point at the 3rd party offices to the outside.
My servers seems to be blocking the VPN traffic. If I switch off the firewall everything is fine but if it is one I can only connect to the actual servers and no other PC's on the campus LAN. They do provide a firewall so this question is more about me being curious than critical. My servers are to become file servers only so the firewall is not a big issue but if possible I would like to have the option.
Here is the setup:
A traceroute from within campus 01 shows the problem to be the eth0 NIC on the server. Everything stops at 10.70.21.2. I can ping and access samba on 192.168.0.1 (the server) but not on other PC's in that network. I specifically need to get to 192.168.0.254.
As I said before when I switch off the firewall at campus 02 I can access everything and the VPN is fine.
We have an intercampus VPN managed by a new company and we are in the process of migrating the current system to the new one.
My current system used an ipsec vpn between campuses and is a clearOS (centos) system. We had a server running the clearOS OS at every campus and then used the built in ipsec vpn to connect them.
The new system is managed by a 3rd party with cisco routers. Basically all campuses connect to the same network with the cisco routers and there is a single breakout point at the 3rd party offices to the outside.
My servers seems to be blocking the VPN traffic. If I switch off the firewall everything is fine but if it is one I can only connect to the actual servers and no other PC's on the campus LAN. They do provide a firewall so this question is more about me being curious than critical. My servers are to become file servers only so the firewall is not a big issue but if possible I would like to have the option.
Here is the setup:
A traceroute from within campus 01 shows the problem to be the eth0 NIC on the server. Everything stops at 10.70.21.2. I can ping and access samba on 192.168.0.1 (the server) but not on other PC's in that network. I specifically need to get to 192.168.0.254.
As I said before when I switch off the firewall at campus 02 I can access everything and the VPN is fine.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Suggestion of using wireshark was a good one. In the end though the problem was on the side of the service provide. This is bit technical for me but turns out the package sizes used by clearOS was not compatible with their system which caused things to go in a loop on their side
ASKER