Netgate Discussion Forum

    Dealership Using Advent - Ports Block…

      zero6699

      Hi everyone,

      I'm working with a dealership that uses Advent as their DMS (Dealer Management System). The way their solution works is by having a Cisco ASA connected
      from the WAN to the LAN with a static IP address on both WAN and LAN, and it builds up a VPN to their network. There was a SonicWall in place that was working with this config.
      Currently I have set up a gateway that points to the static LAN IP address and then set up a static route that says 1.1.1.0/26 is out this gateway.
      Since the ASA is on the LAN I figured I would not need to set any firewall rules since I think the PFSense sees it as all LAN traffic anyways, but just trying to get it to
      work I have made 2 rules that say any traffic to/from is allowed. As of now it works but we cannot print. The way printing works is you share a printer from a
      Windows computer, configure the terminal server per user that they are using 192.168.0.12 and their printer share name is oki.
      There is also a user made on the computer that has access to the printer and those are the credentials used for printing. I have been told by their support that it is because ports are
      being blocked. Not sure what to try next. Below is a bit of a diagram of how the network is configured.

      Any help would be greatly appreciated.

      +-----+
      | WAN |
      +--+--+
         |
         |        +----------------+
         +--------+     Switch     |
                  +--+----------+--+
                     |          |
                     | 2.2.2.1  | 2.2.2.2
                +----+----+  +--+----+
                | PFsense |  |  ASA  |  VPN Tunnel to 1.1.1.78
                +----+----+  +--+----+
                     |          |
         192.168.0.1 |          | 192.168.0.222
                     |          |
                  +--+----------+--+
                  |      LAN       |
                  +----------------+

        zero6699

        OK, so setting up a default route was too much, not needed? I have since removed it and the program still works.

        In other things. I ran some packet capture on PFSense just watching port 445 and I got this.

        10:53:31.077123 IP 192.168.95.132.microsoft-ds > 172.23.22.11.50841: tcp 0
        10:53:34.078879 IP 192.168.95.132.microsoft-ds > 172.23.22.11.50841: tcp 0
        10:53:40.073200 IP 192.168.95.132.microsoft-ds > 172.23.22.11.50841: tcp 0
        10:53:41.085657 IP 192.168.95.132.microsoft-ds > 172.23.22.11.50843: tcp 0
        10:53:44.085386 IP 192.168.95.132.microsoft-ds > 172.23.22.11.50843: tcp 0
        10:53:50.085715 IP 192.168.95.132.microsoft-ds > 172.23.22.11.50843: tcp 0
        10:53:51.084497 IP 192.168.95.132.microsoft-ds > 172.23.22.11.50847: tcp 0
        10:53:54.087917 IP 192.168.95.132.microsoft-ds > 172.23.22.11.50847: tcp 0
        10:54:00.089179 IP 192.168.95.132.microsoft-ds > 172.23.22.11.50847: tcp 0
        10:54:01.093382 IP 192.168.95.132.microsoft-ds > 172.23.22.11.50848: tcp 0

        So I think this shows traffic is going to the computer, so I ran Wireshark on the client PC and this is what I captured with (tcp.port == 445).

        https://pastebin.com/Y26M2a6a

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.