
X750 to Zywall 35 VPN Issues


SkreeM (IS-IT--Management, GB), Jun 6, 2005
Hi All,

We have an X750 at the center of our network and assorted little firewalls at our branch offices. All had been working well until this week, when we got issues reported with one site; they have a Zywall 35 at the end of an ADSL line.

We have done some testing and...

From our LAN to the external IP of the site: no packet loss
From the external site to the external IP of our site: no packet loss
From our site to the internal IP of their firewall: approx. 25% loss
From their site to the internal IP of our firewall: approx. 25% loss

All these tests have been done with just the ping utility. Pathping on the internal IPs shows the same amount of loss, at the final hop only, in each direction.

So far we have tried rebooting the firewalls at both ends, and have removed and re-created the VPN tunnel at both ends. We have also tried using different proposals for phases 1 and 2 of the VPN. There has been no difference.

Any further advice that can be given would be most helpful

Thanks In advance

SkreeM
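The four-way test matrix above (public IP versus internal IP, in each direction), automated as an added example; this is not code from the original post. It parses ping summaries, compares loss on the public path with loss on the tunnel path, and reports whether the loss appears only inside the VPN. The labels, sample addresses and the 20-probe count are assumptions, the sample ping output is constructed rather than captured from the poster's network, and the live helper assumes Linux/BSD ping syntax.

```shell
#!/bin/sh
# Added example, not from the thread: automate the four-way ping comparison
# from the post above and decide whether loss is confined to the VPN path.
# Labels and addresses are placeholders (assumptions), not the poster's.

# Pull the packet-loss percentage out of a ping summary.
# Handles Linux/BSD ("25% packet loss", "25.0% packet loss") and
# Windows ("Lost = 5 (25% loss)") summaries; prints nothing if none is found.
# A space is prepended to each line so a summary at column 0 still matches.
loss_pct() {
    printf '%s\n' "$1" |
        sed -n 's/^/ /; s/.*[^0-9.]\([0-9][0-9]*\)\(\.[0-9]*\)\{0,1\}% \(packet \)\{0,1\}loss.*/\1/p' |
        head -n 1
}

# Compare one direction: $1 = label, $2 = ping output toward the remote
# public IP, $3 = ping output toward the remote internal IP (through the tunnel).
# Returns 1 when the tunnel path loses more than the public path (the loss is
# on the tunnel endpoints, not the underlying link), 0 otherwise, 2 on unparseable input.
judge_path() {
    pub=$(loss_pct "$2")
    tun=$(loss_pct "$3")
    [ -n "$pub" ] && [ -n "$tun" ] || { echo "$1: could not parse ping output"; return 2; }
    if [ "$tun" -gt "$pub" ]; then
        echo "$1: public path ${pub}% loss, tunnel path ${tun}% loss -> loss confined to the VPN path"
        return 1
    fi
    echo "$1: public path ${pub}% loss, tunnel path ${tun}% loss -> same loss on the underlying link"
    return 0
}

# Live use (Linux/BSD ping; on Windows use -n instead of -c). From HQ:
#   live_compare "HQ -> branch" 203.0.113.10 192.168.20.1
# then run the same from the branch toward HQ's public and internal addresses.
live_compare() {  # $1 = label, $2 = remote public IP, $3 = remote internal IP
    judge_path "$1" "$(ping -c 20 -q "$2" 2>&1)" "$(ping -c 20 -q "$3" 2>&1)"
}

# Constructed sample output (not captured from the poster's network), shaped
# like the post's results: clean to the public IP, ~25% loss through the tunnel.
SAMPLE_PUBLIC='20 packets transmitted, 20 received, 0% packet loss, time 19031ms'
SAMPLE_TUNNEL='20 packets transmitted, 15 received, 25% packet loss, time 19045ms'
SAMPLE_WINDOWS='    Packets: Sent = 20, Received = 15, Lost = 5 (25% loss),'

judge_path "HQ -> branch" "$SAMPLE_PUBLIC" "$SAMPLE_TUNNEL" || :
judge_path "branch -> HQ" "$SAMPLE_PUBLIC" "$SAMPLE_WINDOWS" || :
```

Run it from each end in turn so both directions are covered; a result of "loss confined to the VPN path" on both sides matches the symptom in the post, where the public IPs answer cleanly but the internal IPs drop roughly a quarter of the probes.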
 
Hello SkreeM,

In your BoVPN tunnel gateways you will need to use the primary IPs of both sites. So, when you have two or more routable public addresses on both your WatchGuard and your Zywall, you will still need to tunnel between their respective primary addresses.

If you are already tunneling through their respective primary public IPs, I suggest you trace the connection with an ICMP policy set to log traffic even on successful pings.

If you want me to assist. Just reply.

Regards,
Tommie

_________________________________
It works! But how?
VoiceByte System Engineer
 
Hi Tommie,

Each of our tunnels is set to use the primary IP on each end. How would I go about setting up the trace with the ICMP logging?

What I really don't get is why it has suddenly stopped working; it has been fine for at least a year, and suddenly this. No changes were made to firewall policy this week, but it stopped working at lunchtime on Wednesday.

Skr
 
Hey SkreeM,

You can set the policy for ICMP (which usually exists in the standard config) to log successful packets, through its second tab in WSM.

I've had similar problems and issues with BoVPN tunnels to a Fortigate. What does your IKED logging say? Are all hops intact? You can trace the route with MTR (Unix) or tracert (Windows) to see which hops are in play, though this will not work inside a tunnel, so trace from public IP to public IP.

Regards,
Tommie

_________________________________
It works! But how?
VoiceByte System Engineer
 