IPsec VPN StS - no traffic



    Hello everyone,
    I got a problem on an IPsec tunnel between 2 branches. What happens is: the tunnel is up, I can ping devices on both sides but can't connect to them. For example I can't make RDP connections between the sides. I tried everything, changed encryption algorithm, auth methods, etc.
    What makes it stranger is that I got other tunnels working on both sides with no problem.
    The IPsec rule is set * to * in both firewalls, outbound NAT is automatically created (I even tried hybrid and still no luck).

    P1 config:
    (attached image: p1.jpg)

    P2 config:
    (attached image: p2.jpg)

    Same config on the other endpoint (obviously source/destination are reversed).

    I even captured packets while testing and tried to analyse them in Wireshark, but I don't know exactly how to.

    No.	Time	Source	Destination	Protocol	Length	Info
    1	0.000000	192.168.5.5	192.168.2.5	ICMP	72	Echo (ping) request  id=0x0002, seq=31022/11897, ttl=127 (reply in 2)
    2	0.000378	192.168.2.5	192.168.5.5	ICMP	72	Echo (ping) reply    id=0x0002, seq=31022/11897, ttl=127 (request in 1)
    3	1.014671	192.168.5.5	192.168.2.5	ICMP	72	Echo (ping) request  id=0x0002, seq=31023/12153, ttl=127 (reply in 4)
    4	1.014990	192.168.2.5	192.168.5.5	ICMP	72	Echo (ping) reply    id=0x0002, seq=31023/12153, ttl=127 (request in 3)
    5	2.028549	192.168.5.5	192.168.2.5	ICMP	72	Echo (ping) request  id=0x0002, seq=31024/12409, ttl=127 (reply in 6)
    6	2.028857	192.168.2.5	192.168.5.5	ICMP	72	Echo (ping) reply    id=0x0002, seq=31024/12409, ttl=127 (request in 5)
    7	3.042263	192.168.5.5	192.168.2.5	ICMP	72	Echo (ping) request  id=0x0002, seq=31025/12665, ttl=127 (reply in 8)
    8	3.042583	192.168.2.5	192.168.5.5	ICMP	72	Echo (ping) reply    id=0x0002, seq=31025/12665, ttl=127 (request in 7)
    9	14.066480	192.168.5.5	192.168.2.5	TCP	64	60132 → 3389 [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
    10	14.066812	192.168.2.5	192.168.5.5	TCP	64	3389 → 60132 [SYN, ACK, ECN] Seq=0 Ack=1 Win=64000 Len=0 MSS=1460 WS=1 SACK_PERM=1
    11	14.069804	192.168.5.5	192.168.2.5	TCP	52	60132 → 3389 [ACK] Seq=1 Ack=1 Win=1051136 Len=0
    12	14.070182	192.168.5.5	192.168.2.5	TLSv1.2	99	Ignored Unknown Record
    13	14.075407	192.168.2.5	192.168.5.5	TLSv1.2	71	Ignored Unknown Record
    14	14.086762	192.168.5.5	192.168.2.5	TCP	52	60132 → 3389 [ACK] Seq=48 Ack=20 Win=1051136 Len=0
    15	16.824950	192.168.5.5	192.168.2.5	TLSv1.2	236	Client Hello
    16	16.829089	192.168.2.5	192.168.5.5	TCP	52	3389 → 60132 [ACK] Seq=20 Ack=232 Win=63769 Len=0
    17	16.831388	192.168.2.5	192.168.5.5	TLSv1.2	1249	Server Hello, Certificate, Server Key Exchange, Server Hello Done
    18	16.847789	192.168.5.5	192.168.2.5	TCP	52	60132 → 3389 [ACK] Seq=232 Ack=1217 Win=1049856 Len=0
    19	16.848289	192.168.5.5	192.168.2.5	TLSv1.2	234	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
    20	16.852019	192.168.2.5	192.168.5.5	TLSv1.2	159	Change Cipher Spec, Encrypted Handshake Message
    21	16.855845	192.168.5.5	192.168.2.5	TLSv1.2	185	Application Data
    22	16.856661	192.168.2.5	192.168.5.5	TLSv1.2	393	Application Data
    23	16.861601	192.168.5.5	192.168.2.5	TLSv1.2	777	Application Data
    24	16.864061	192.168.2.5	192.168.5.5	TLSv1.2	185	Application Data
    25	16.867408	192.168.5.5	192.168.2.5	TCP	52	60132 → 3389 [FIN, ACK] Seq=1272 Ack=1798 Win=1050880 Len=0
    26	16.867652	192.168.2.5	192.168.5.5	TCP	52	3389 → 60132 [ACK] Seq=1798 Ack=1273 Win=64240 Len=0
    27	16.867725	192.168.2.5	192.168.5.5	TCP	52	3389 → 60132 [RST, ACK] Seq=1798 Ack=1273 Win=0 Len=0
    28	16.880864	192.168.5.5	192.168.2.5	TCP	64	60135 → 3389 [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
    29	16.881185	192.168.2.5	192.168.5.5	TCP	64	3389 → 60135 [SYN, ACK, ECN] Seq=0 Ack=1 Win=64000 Len=0 MSS=1460 WS=1 SACK_PERM=1
    30	16.883322	192.168.5.5	192.168.2.5	TCP	52	60135 → 3389 [ACK] Seq=1 Ack=1 Win=1051136 Len=0
    31	16.883713	192.168.5.5	192.168.2.5	TLSv1.2	99	Ignored Unknown Record
    32	16.887822	192.168.2.5	192.168.5.5	TLSv1.2	71	Ignored Unknown Record
    33	16.891909	192.168.5.5	192.168.2.5	TLSv1.2	236	Client Hello
    34	16.898138	192.168.2.5	192.168.5.5	TLSv1.2	1249	Server Hello, Certificate, Server Key Exchange, Server Hello Done
    35	16.916226	192.168.5.5	192.168.2.5	TLSv1.2	234	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
    36	16.919961	192.168.2.5	192.168.5.5	TLSv1.2	159	Change Cipher Spec, Encrypted Handshake Message
    37	16.923422	192.168.5.5	192.168.2.5	TLSv1.2	185	Application Data
    38	16.924200	192.168.2.5	192.168.5.5	TLSv1.2	393	Application Data
    39	16.929901	192.168.5.5	192.168.2.5	TLSv1.2	777	Application Data
    40	16.932183	192.168.2.5	192.168.5.5	TLSv1.2	185	Application Data
    41	16.935580	192.168.5.5	192.168.2.5	TLSv1.2	249	Application Data
    42	16.936476	192.168.2.5	192.168.5.5	TLSv1.2	137	Application Data
    43	16.939726	192.168.5.5	192.168.2.5	TLSv1.2	585	Application Data
    44	16.941487	192.168.2.5	192.168.5.5	TLSv1.2	249	Application Data
    45	16.943882	192.168.5.5	192.168.2.5	TLSv1.2	137	Application Data
    46	16.944126	192.168.5.5	192.168.2.5	TLSv1.2	137	Application Data
    47	16.944382	192.168.2.5	192.168.5.5	TCP	52	3389 → 60135 [ACK] Seq=2080 Ack=2172 Win=63340 Len=0
    48	16.944554	192.168.2.5	192.168.5.5	TLSv1.2	137	Application Data
    49	16.947219	192.168.5.5	192.168.2.5	TLSv1.2	137	Application Data
    50	16.947641	192.168.2.5	192.168.5.5	TLSv1.2	137	Application Data
    51	16.950432	192.168.5.5	192.168.2.5	TLSv1.2	137	Application Data
    52	16.950855	192.168.2.5	192.168.5.5	TLSv1.2	137	Application Data
    53	16.954016	192.168.5.5	192.168.2.5	TLSv1.2	137	Application Data
    54	16.954427	192.168.2.5	192.168.5.5	TLSv1.2	137	Application Data
    55	16.957187	192.168.5.5	192.168.2.5	TLSv1.2	137	Application Data
    56	16.957614	192.168.2.5	192.168.5.5	TLSv1.2	137	Application Data
    57	16.960235	192.168.5.5	192.168.2.5	TLSv1.2	137	Application Data
    58	16.960641	192.168.2.5	192.168.5.5	TLSv1.2	137	Application Data
    59	16.963642	192.168.5.5	192.168.2.5	TLSv1.2	137	Application Data
    60	16.964067	192.168.2.5	192.168.5.5	TLSv1.2	137	Application Data
    61	16.967184	192.168.5.5	192.168.2.5	TLSv1.2	137	Application Data
    62	16.967611	192.168.2.5	192.168.5.5	TLSv1.2	137	Application Data
    63	16.972713	192.168.5.5	192.168.2.5	TCP	52	60135 → 3389 [ACK] Seq=2767 Ack=2760 Win=1049856 Len=0
    64	16.974487	192.168.5.5	192.168.2.5	TLSv1.2	777	Application Data
    65	16.977958	192.168.2.5	192.168.5.5	TLSv1.2	153	Application Data
    66	16.978010	192.168.2.5	192.168.5.5	TLSv1.2	153	Application Data
    67	16.978343	192.168.2.5	192.168.5.5	TCP	1512	3389 → 60135 [ACK] Seq=2962 Ack=3492 Win=63515 Len=1460 [TCP segment of a reassembled PDU]
    68	16.978467	192.168.2.5	192.168.5.5	TCP	1512	3389 → 60135 [ACK] Seq=4422 Ack=3492 Win=63515 Len=1460 [TCP segment of a reassembled PDU]
    69	16.978580	192.168.2.5	192.168.5.5	TLSv1.2	1233	Application Data
    70	16.980656	192.168.5.5	192.168.2.5	TCP	52	60135 → 3389 [ACK] Seq=3492 Ack=2962 Win=1049856 Len=0
    71	16.980820	192.168.5.5	192.168.2.5	TLSv1.2	153	Application Data
    72	16.980958	192.168.5.5	192.168.2.5	TCP	64	[TCP Dup ACK 70#1] 60135 → 3389 [ACK] Seq=3593 Ack=2962 Win=1049856 Len=0 SLE=5882 SRE=7063
    73	17.000701	192.168.2.5	192.168.5.5	TCP	52	3389 → 60135 [ACK] Seq=7063 Ack=3593 Win=63414 Len=0
    74	17.032165	192.168.2.5	192.168.5.5	TCP	1512	[TCP Retransmission] 3389 → 60135 [ACK] Seq=2962 Ack=3593 Win=63414 Len=1460
    75	17.078965	192.168.2.5	192.168.5.5	TCP	1512	[TCP Retransmission] 3389 → 60135 [ACK] Seq=2962 Ack=3593 Win=63414 Len=1460
    76	17.172551	192.168.2.5	192.168.5.5	TCP	1512	[TCP Retransmission] 3389 → 60135 [ACK] Seq=2962 Ack=3593 Win=63414 Len=1460
    77	17.344165	192.168.2.5	192.168.5.5	TCP	1512	[TCP Retransmission] 3389 → 60135 [ACK] Seq=2962 Ack=3593 Win=63414 Len=1460
    78	17.671773	192.168.2.5	192.168.5.5	TCP	1512	[TCP Retransmission] 3389 → 60135 [ACK] Seq=2962 Ack=3593 Win=63414 Len=1460
    79	18.326986	192.168.2.5	192.168.5.5	TCP	1512	[TCP Retransmission] 3389 → 60135 [ACK] Seq=2962 Ack=3593 Win=63414 Len=1460
    80	19.621829	192.168.2.5	192.168.5.5	TCP	1512	[TCP Retransmission] 3389 → 60135 [ACK] Seq=2962 Ack=3593 Win=63414 Len=1460
    81	22.180181	192.168.2.5	192.168.5.5	TCP	1512	[TCP Retransmission] 3389 → 60135 [ACK] Seq=2962 Ack=3593 Win=63414 Len=1460
    82	27.319493	192.168.2.5	192.168.5.5	TCP	52	3389 → 60135 [RST, ACK, CWR] Seq=4422 Ack=3593 Win=0 Len=0
    83	27.321508	192.168.5.5	192.168.2.5	TCP	64	[TCP Dup ACK 70#2] 60135 → 3389 [ACK] Seq=3593 Ack=2962 Win=1049856 Len=0 SLE=5882 SRE=7063
    84	27.321668	192.168.2.5	192.168.5.5	TCP	52	3389 → 60135 [RST] Seq=2962 Win=0 Len=0

    Can someone help me out?
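An added example, not part of the post: a Python script that reads Wireshark packet-list rows in the layout shown above (assumed to be filtered to a single TCP conversation, e.g. with a tcp.stream display filter) and reports, per direction, the largest frame the far side acknowledged, the smallest frame it never did, and how often each unacknowledged segment was retransmitted. The payload of TLS rows is inferred from the frame length, since their Info column hides Seq/Len; the sample rows are copied from the capture above.

```python
import re
from collections import defaultdict

# Constructed sample in the same tab-separated layout as the packet list above
# (frames 67-75 of the second RDP attempt, i.e. a single TCP stream).
SAMPLE = """\
67\t16.978343\t192.168.2.5\t192.168.5.5\tTCP\t1512\t3389 → 60135 [ACK] Seq=2962 Ack=3492 Win=63515 Len=1460 [TCP segment of a reassembled PDU]
68\t16.978467\t192.168.2.5\t192.168.5.5\tTCP\t1512\t3389 → 60135 [ACK] Seq=4422 Ack=3492 Win=63515 Len=1460 [TCP segment of a reassembled PDU]
69\t16.978580\t192.168.2.5\t192.168.5.5\tTLSv1.2\t1233\tApplication Data
70\t16.980656\t192.168.5.5\t192.168.2.5\tTCP\t52\t60135 → 3389 [ACK] Seq=3492 Ack=2962 Win=1049856 Len=0
71\t16.980820\t192.168.5.5\t192.168.2.5\tTLSv1.2\t153\tApplication Data
72\t16.980958\t192.168.5.5\t192.168.2.5\tTCP\t64\t[TCP Dup ACK 70#1] 60135 → 3389 [ACK] Seq=3593 Ack=2962 Win=1049856 Len=0 SLE=5882 SRE=7063
74\t17.032165\t192.168.2.5\t192.168.5.5\tTCP\t1512\t[TCP Retransmission] 3389 → 60135 [ACK] Seq=2962 Ack=3593 Win=63414 Len=1460
75\t17.078965\t192.168.2.5\t192.168.5.5\tTCP\t1512\t[TCP Retransmission] 3389 → 60135 [ACK] Seq=2962 Ack=3593 Win=63414 Len=1460
"""

def field(name, info, default=None):
    m = re.search(name + r"=(\d+)", info)
    return int(m.group(1)) if m else default

def analyze(packet_list):
    """Per direction (src, dst): largest frame the peer acknowledged, smallest
    frame it never did, and how often each unacknowledged segment was resent."""
    rows = [ln.split("\t") for ln in packet_list.splitlines() if ln.strip()]
    # Frame size of a zero-payload TCP segment in this capture (link + IP + TCP
    # headers), used to infer the payload of TLS rows, whose Info hides Seq/Len.
    base = min(int(r[5]) for r in rows if "Len=0" in r[6])
    next_seq, acked, sacks, frames, report = {}, defaultdict(int), defaultdict(list), [], {}
    for _no, _t, src, dst, _proto, length, info in rows:
        d, rev = (src, dst), (dst, src)
        acked[rev] = max(acked[rev], field("Ack", info, 0))  # Ack covers the other direction
        if "SLE=" in info:
            sacks[rev].append((field("SLE", info), field("SRE", info)))
        seq = field("Seq", info, next_seq.get(d))
        if seq is None:
            continue  # no sequence number known yet for this direction
        payload = field("Len", info, int(length) - base)
        next_seq[d] = seq + payload
        if payload > 0:
            frames.append((d, seq, payload, int(length), "Retransmission" in info))
    for d, seq, payload, length, resent in frames:
        r = report.setdefault(d, {"delivered_max": 0, "lost_min": None, "resent": defaultdict(int)})
        end = seq + payload
        if end <= acked[d] or any(s <= seq and end <= e for s, e in sacks[d]):
            r["delivered_max"] = max(r["delivered_max"], length)
        elif r["lost_min"] is None or length < r["lost_min"]:
            r["lost_min"] = length
        if resent:
            r["resent"][seq] += 1
    return report
```

On these rows the server-to-client direction delivers frames up to 1233 bytes but never gets the 1512-byte ones acknowledged, a size-dependent loss pattern worth checking (MTU/MSS on the tunnel path) before changing IPsec parameters further.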

