4. IPsec VPN StS - no traffic

IPsec VPN StS - no traffic

  • R

    Hello everyone,
    I got a problem on a IPsec tunnel between 2 branchs. What happen is: tunnel is up, I can ping devices on both sides but can't connect to them. For example I can't make RDP connections between the sides. I tried everything, changed encryption algorithm, auth methods, etc.
    What makes it stranger is that I got others tunnels working on both sides with no problem.
    IPsec rule is set * to * in both Firewalls, outbound NAT is automatic created (even tried with hybrid and still no luck).

    P1 config:
    p1.jpg

    P2 config:
    p2.jpg

    Same config on the other endpoint (obviously source/destination are inverse).

    I even capture packets while testing and tried to analyse it on Wireshark, but I dont know exactly how to.

    No.	Time	Source	Destination	Protocol	Length	Info
1	0.000000	192.168.5.5	192.168.2.5	ICMP	72	Echo (ping) request  id=0x0002, seq=31022/11897, ttl=127 (reply in 2)
2	0.000378	192.168.2.5	192.168.5.5	ICMP	72	Echo (ping) reply    id=0x0002, seq=31022/11897, ttl=127 (request in 1)
3	1.014671	192.168.5.5	192.168.2.5	ICMP	72	Echo (ping) request  id=0x0002, seq=31023/12153, ttl=127 (reply in 4)
4	1.014990	192.168.2.5	192.168.5.5	ICMP	72	Echo (ping) reply    id=0x0002, seq=31023/12153, ttl=127 (request in 3)
5	2.028549	192.168.5.5	192.168.2.5	ICMP	72	Echo (ping) request  id=0x0002, seq=31024/12409, ttl=127 (reply in 6)
6	2.028857	192.168.2.5	192.168.5.5	ICMP	72	Echo (ping) reply    id=0x0002, seq=31024/12409, ttl=127 (request in 5)
7	3.042263	192.168.5.5	192.168.2.5	ICMP	72	Echo (ping) request  id=0x0002, seq=31025/12665, ttl=127 (reply in 8)
8	3.042583	192.168.2.5	192.168.5.5	ICMP	72	Echo (ping) reply    id=0x0002, seq=31025/12665, ttl=127 (request in 7)
9	14.066480	192.168.5.5	192.168.2.5	TCP	64	60132 → 3389 [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
10	14.066812	192.168.2.5	192.168.5.5	TCP	64	3389 → 60132 [SYN, ACK, ECN] Seq=0 Ack=1 Win=64000 Len=0 MSS=1460 WS=1 SACK_PERM=1
11	14.069804	192.168.5.5	192.168.2.5	TCP	52	60132 → 3389 [ACK] Seq=1 Ack=1 Win=1051136 Len=0
12	14.070182	192.168.5.5	192.168.2.5	TLSv1.2	99	Ignored Unknown Record
13	14.075407	192.168.2.5	192.168.5.5	TLSv1.2	71	Ignored Unknown Record
14	14.086762	192.168.5.5	192.168.2.5	TCP	52	60132 → 3389 [ACK] Seq=48 Ack=20 Win=1051136 Len=0
15	16.824950	192.168.5.5	192.168.2.5	TLSv1.2	236	Client Hello
16	16.829089	192.168.2.5	192.168.5.5	TCP	52	3389 → 60132 [ACK] Seq=20 Ack=232 Win=63769 Len=0
17	16.831388	192.168.2.5	192.168.5.5	TLSv1.2	1249	Server Hello, Certificate, Server Key Exchange, Server Hello Done
18	16.847789	192.168.5.5	192.168.2.5	TCP	52	60132 → 3389 [ACK] Seq=232 Ack=1217 Win=1049856 Len=0
19	16.848289	192.168.5.5	192.168.2.5	TLSv1.2	234	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
20	16.852019	192.168.2.5	192.168.5.5	TLSv1.2	159	Change Cipher Spec, Encrypted Handshake Message
21	16.855845	192.168.5.5	192.168.2.5	TLSv1.2	185	Application Data
22	16.856661	192.168.2.5	192.168.5.5	TLSv1.2	393	Application Data
23	16.861601	192.168.5.5	192.168.2.5	TLSv1.2	777	Application Data
24	16.864061	192.168.2.5	192.168.5.5	TLSv1.2	185	Application Data
25	16.867408	192.168.5.5	192.168.2.5	TCP	52	60132 → 3389 [FIN, ACK] Seq=1272 Ack=1798 Win=1050880 Len=0
26	16.867652	192.168.2.5	192.168.5.5	TCP	52	3389 → 60132 [ACK] Seq=1798 Ack=1273 Win=64240 Len=0
27	16.867725	192.168.2.5	192.168.5.5	TCP	52	3389 → 60132 [RST, ACK] Seq=1798 Ack=1273 Win=0 Len=0
28	16.880864	192.168.5.5	192.168.2.5	TCP	64	60135 → 3389 [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
29	16.881185	192.168.2.5	192.168.5.5	TCP	64	3389 → 60135 [SYN, ACK, ECN] Seq=0 Ack=1 Win=64000 Len=0 MSS=1460 WS=1 SACK_PERM=1
30	16.883322	192.168.5.5	192.168.2.5	TCP	52	60135 → 3389 [ACK] Seq=1 Ack=1 Win=1051136 Len=0
31	16.883713	192.168.5.5	192.168.2.5	TLSv1.2	99	Ignored Unknown Record
32	16.887822	192.168.2.5	192.168.5.5	TLSv1.2	71	Ignored Unknown Record
33	16.891909	192.168.5.5	192.168.2.5	TLSv1.2	236	Client Hello
34	16.898138	192.168.2.5	192.168.5.5	TLSv1.2	1249	Server Hello, Certificate, Server Key Exchange, Server Hello Done
35	16.916226	192.168.5.5	192.168.2.5	TLSv1.2	234	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
36	16.919961	192.168.2.5	192.168.5.5	TLSv1.2	159	Change Cipher Spec, Encrypted Handshake Message
37	16.923422	192.168.5.5	192.168.2.5	TLSv1.2	185	Application Data
38	16.924200	192.168.2.5	192.168.5.5	TLSv1.2	393	Application Data
39	16.929901	192.168.5.5	192.168.2.5	TLSv1.2	777	Application Data
40	16.932183	192.168.2.5	192.168.5.5	TLSv1.2	185	Application Data
41	16.935580	192.168.5.5	192.168.2.5	TLSv1.2	249	Application Data
42	16.936476	192.168.2.5	192.168.5.5	TLSv1.2	137	Application Data
43	16.939726	192.168.5.5	192.168.2.5	TLSv1.2	585	Application Data
44	16.941487	192.168.2.5	192.168.5.5	TLSv1.2	249	Application Data
45	16.943882	192.168.5.5	192.168.2.5	TLSv1.2	137	Application Data
46	16.944126	192.168.5.5	192.168.2.5	TLSv1.2	137	Application Data
47	16.944382	192.168.2.5	192.168.5.5	TCP	52	3389 → 60135 [ACK] Seq=2080 Ack=2172 Win=63340 Len=0
48	16.944554	192.168.2.5	192.168.5.5	TLSv1.2	137	Application Data
49	16.947219	192.168.5.5	192.168.2.5	TLSv1.2	137	Application Data
50	16.947641	192.168.2.5	192.168.5.5	TLSv1.2	137	Application Data
51	16.950432	192.168.5.5	192.168.2.5	TLSv1.2	137	Application Data
52	16.950855	192.168.2.5	192.168.5.5	TLSv1.2	137	Application Data
53	16.954016	192.168.5.5	192.168.2.5	TLSv1.2	137	Application Data
54	16.954427	192.168.2.5	192.168.5.5	TLSv1.2	137	Application Data
55	16.957187	192.168.5.5	192.168.2.5	TLSv1.2	137	Application Data
56	16.957614	192.168.2.5	192.168.5.5	TLSv1.2	137	Application Data
57	16.960235	192.168.5.5	192.168.2.5	TLSv1.2	137	Application Data
58	16.960641	192.168.2.5	192.168.5.5	TLSv1.2	137	Application Data
59	16.963642	192.168.5.5	192.168.2.5	TLSv1.2	137	Application Data
60	16.964067	192.168.2.5	192.168.5.5	TLSv1.2	137	Application Data
61	16.967184	192.168.5.5	192.168.2.5	TLSv1.2	137	Application Data
62	16.967611	192.168.2.5	192.168.5.5	TLSv1.2	137	Application Data
63	16.972713	192.168.5.5	192.168.2.5	TCP	52	60135 → 3389 [ACK] Seq=2767 Ack=2760 Win=1049856 Len=0
64	16.974487	192.168.5.5	192.168.2.5	TLSv1.2	777	Application Data
65	16.977958	192.168.2.5	192.168.5.5	TLSv1.2	153	Application Data
66	16.978010	192.168.2.5	192.168.5.5	TLSv1.2	153	Application Data
67	16.978343	192.168.2.5	192.168.5.5	TCP	1512	3389 → 60135 [ACK] Seq=2962 Ack=3492 Win=63515 Len=1460 [TCP segment of a reassembled PDU]
68	16.978467	192.168.2.5	192.168.5.5	TCP	1512	3389 → 60135 [ACK] Seq=4422 Ack=3492 Win=63515 Len=1460 [TCP segment of a reassembled PDU]
69	16.978580	192.168.2.5	192.168.5.5	TLSv1.2	1233	Application Data
70	16.980656	192.168.5.5	192.168.2.5	TCP	52	60135 → 3389 [ACK] Seq=3492 Ack=2962 Win=1049856 Len=0
71	16.980820	192.168.5.5	192.168.2.5	TLSv1.2	153	Application Data
72	16.980958	192.168.5.5	192.168.2.5	TCP	64	[TCP Dup ACK 70#1] 60135 → 3389 [ACK] Seq=3593 Ack=2962 Win=1049856 Len=0 SLE=5882 SRE=7063
73	17.000701	192.168.2.5	192.168.5.5	TCP	52	3389 → 60135 [ACK] Seq=7063 Ack=3593 Win=63414 Len=0
74	17.032165	192.168.2.5	192.168.5.5	TCP	1512	[TCP Retransmission] 3389 → 60135 [ACK] Seq=2962 Ack=3593 Win=63414 Len=1460
75	17.078965	192.168.2.5	192.168.5.5	TCP	1512	[TCP Retransmission] 3389 → 60135 [ACK] Seq=2962 Ack=3593 Win=63414 Len=1460
76	17.172551	192.168.2.5	192.168.5.5	TCP	1512	[TCP Retransmission] 3389 → 60135 [ACK] Seq=2962 Ack=3593 Win=63414 Len=1460
77	17.344165	192.168.2.5	192.168.5.5	TCP	1512	[TCP Retransmission] 3389 → 60135 [ACK] Seq=2962 Ack=3593 Win=63414 Len=1460
78	17.671773	192.168.2.5	192.168.5.5	TCP	1512	[TCP Retransmission] 3389 → 60135 [ACK] Seq=2962 Ack=3593 Win=63414 Len=1460
79	18.326986	192.168.2.5	192.168.5.5	TCP	1512	[TCP Retransmission] 3389 → 60135 [ACK] Seq=2962 Ack=3593 Win=63414 Len=1460
80	19.621829	192.168.2.5	192.168.5.5	TCP	1512	[TCP Retransmission] 3389 → 60135 [ACK] Seq=2962 Ack=3593 Win=63414 Len=1460
81	22.180181	192.168.2.5	192.168.5.5	TCP	1512	[TCP Retransmission] 3389 → 60135 [ACK] Seq=2962 Ack=3593 Win=63414 Len=1460
82	27.319493	192.168.2.5	192.168.5.5	TCP	52	3389 → 60135 [RST, ACK, CWR] Seq=4422 Ack=3593 Win=0 Len=0
83	27.321508	192.168.5.5	192.168.2.5	TCP	64	[TCP Dup ACK 70#2] 60135 → 3389 [ACK] Seq=3593 Ack=2962 Win=1049856 Len=0 SLE=5882 SRE=7063
84	27.321668	192.168.2.5	192.168.5.5	TCP	52	3389 → 60135 [RST] Seq=2962 Win=0 Len=0

    Can someone help me out?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy