
log shows drop on an encrypt rule

Status
Not open for further replies.

rdk

MIS
Sep 10, 1999
13
US
Any ideas why I would be seeing a drop in my logs against a rule that is an encrypt/decrypt? The customer is seeing it as blocked. Thanks.
 
More information please. Is it a site to site VPN, SecureClient? Do you have your encryption domains set up correctly? Is it just a particular type of traffic or all traffic in the rule? Do other encrypt/decrypt rules work?

Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Chris, yes, it is a site to site VPN. I think the encryption domains are correct. It drops on but I see decrypts on other traffic types from the same source.
 
Is it dropping on rule 0 or the VPN rule?

What do you mean by Http, Https, SSL?

A summary of your VPN rule would be helpful.

Cheers B-)
Brian, CCSE
brian@domain-integrity.com
 
OK, I am not a fw expert but this is what I found. We were actually getting

15:40:11 drop Custfw005 >eth-s2p2c0 proto tcp src 10.1.35.118 dst 10.28.78.204 service tcp-80-90 s_port 4959 rule 34 reason: port belong to service in TCP Fast Mode, port: tcp-80-90

So I looked at the services and tcp-80-90 was NOT set for fast mode. I looked through the rest of them and found one called http-fastmode, which was used on a different fw. I cleared fastmode and the problem was fixed. So now I am stuck. Is this because I used the default service "ANY"? Does that mean it's any defined service in the EMC? If you could explain this I would appreciate it a lot, thanks.
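
One way to triage drops like the one quoted above, added here as an example and not part of the original thread: it parses log lines in the layout of the quoted entry and groups drops whose reason mentions TCP Fast Mode by rule and service. The field layout is inferred from that single quoted line, and every sample line except the first is constructed.

```python
import re
from collections import defaultdict

# Layout inferred from the single log line quoted in the thread (an assumption):
# <time> <action> <origin> ><interface> <key value>... reason: <free text>
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<action>\S+)\s+(?P<origin>\S+)\s+"
    r">(?P<iface>\S+)\s+(?P<rest>.*)$"
)

def parse_line(line):
    """Return a dict of fields, or None if the line does not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {k: m.group(k) for k in ("time", "action", "origin", "iface")}
    rest, sep, reason = m.group("rest").partition("reason:")
    tokens = rest.split()
    # Remaining tokens alternate key/value (proto tcp, src ..., rule 34).
    rec.update(zip(tokens[0::2], tokens[1::2]))
    rec["reason"] = reason.strip() if sep else ""
    return rec

def fast_mode_drops(lines):
    """Group drops whose reason mentions TCP Fast Mode by (rule, service)."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["action"] == "drop" and "fast mode" in rec["reason"].lower():
            hits[(rec.get("rule"), rec.get("service"))].append(
                (rec["time"], rec.get("src"), rec.get("dst")))
    return dict(hits)

# First line is the one quoted in the thread; the others are constructed samples.
SAMPLE = [
    "15:40:11 drop Custfw005 >eth-s2p2c0 proto tcp src 10.1.35.118 dst 10.28.78.204 service tcp-80-90 s_port 4959 rule 34 reason: port belong to service in TCP Fast Mode, port: tcp-80-90",
    "15:40:15 decrypt Custfw005 >eth-s2p2c0 proto tcp src 10.1.35.118 dst 10.28.78.204 service telnet s_port 4961 rule 34",
    "15:41:02 drop Custfw005 >eth-s2p2c0 proto tcp src 10.1.35.120 dst 10.28.78.204 service tcp-80-90 s_port 4970 rule 34 reason: port belong to service in TCP Fast Mode, port: tcp-80-90",
    "15:41:30 drop Custfw005 >eth-s2p2c0 proto udp src 10.1.35.118 dst 10.28.78.9 service domain-udp s_port 1044 rule 40",
]

if __name__ == "__main__":
    for (rule, service), events in fast_mode_drops(SAMPLE).items():
        print(f"rule {rule} service {service}: {len(events)} fast-mode drop(s)")
        for t, src, dst in events:
            print(f"  {t} {src} -> {dst}")
```

Grouping by rule and service shows at a glance whether the drops are confined to one port range on the encrypt rule while other services on the same rule still decrypt.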
 