Re: VPN problems from Linksys WAG54G to Netscreen 208 using netscreen client

From: Somebody. (somebody._at_spamout.russdoucet.com)
Date: 11/29/05


Date: Mon, 28 Nov 2005 21:07:48 -0500


"RA" <russ.auty@spicerhaart.co.uk> wrote in message
news:1133217410.524646.203430@g43g2000cwa.googlegroups.com...
> I am trying to connect to the company network via my Linksys WAG54G
> router.
>
> IPsec filtering is on and the router asks for my username and password.
> Once connected I can access my email using Microsoft Exchange without
> any problems however I cannot access any of my shared drives or SQL
> enterprise manager and a whole host of other required applications.
>
> Can anyone help?
>
> Russ

That sounds pretty odd -- Exchange uses TCP and UDP so generally if that
works you have a wide open tunnel. So you should be looking at filtering on
the WAG or incorrect policies on the NS.

So the first thing (as always) is to do a trace on the NS to see what's
actually happening, or if the traffic is actually getting there or not. The
usual...

undebug all
clear dbuf
set ffilter dst-ip 1.1.1.1*
set ffilter src-ip 2.2.2.2**
debug flow basic

<send some traffic to 1.1.1.1* from 2.2.2.2** over the VPN>

undebug all
get dbuf stream

* is the IP of your server for which you want to examine the traffic
** is your source device.

My wild guess is you'll see the exchange traffic, and pings and such, but not
the 445 or the SQL traffic because your WAG thinks it's not good Internet
traffic and has filtered it.

I'd suggest not putting it in router mode at all, just put it in as an
access point and hang it off an interface of the 208, do your NAT there
instead. If you don't know how to do this, just connect the 208 interface
to an IP on the trust side of the WAG and set the wireless client gateways
to the 208 IP, that will make it work as a WAP instead of a gateway. That
will hand all control of that zone to the 208.

-Russ. (a different Russ)
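
Added example, not part of the original post: a small Python helper that reads saved `get dbuf stream` output and reports which destination ports from the client actually reached the firewall, which is the check the trace above is meant to answer. The flow-line layout (`iface:src/sport->dst/dport,proto`), the sample lines and the port list (1433 as the SQL Server default, 135 for RPC) are assumptions made for illustration.

```python
import re

# Assumed layout of a flow line in "get dbuf stream" output:
#   <iface>:<src-ip>/<sport>-><dst-ip>/<dport>,<ip-proto>...
FLOW = re.compile(
    r"(\d+\.\d+\.\d+\.\d+)/(\d+)->(\d+\.\d+\.\d+\.\d+)/(\d+),(\d+)"
)

# Constructed sample, not captured from a real device.
SAMPLE = """\
****** 00101.0: <Untrust/ethernet3> packet received [60]******
  ethernet3:2.2.2.2/1025->1.1.1.1/135,6<Root>
****** 00102.0: <Untrust/ethernet3> packet received [60]******
  ethernet3:2.2.2.2/2048->1.1.1.1/512,1(8/0)<Root>
****** 00103.0: <Trust/ethernet1> packet received [60]******
  ethernet1:1.1.1.1/135->2.2.2.2/1025,6<Root>
"""

# Ports the client is expected to use (assumed list; adjust per application).
EXPECTED = {
    "tcp/135 (RPC)": (6, 135),
    "tcp/445 (SMB)": (6, 445),
    "tcp/1433 (SQL Server default)": (6, 1433),
}


def ports_seen(dbuf, server, client):
    """Return {(ip_proto, dst_port): packet_count} for client -> server flows."""
    seen = {}
    for src, _sport, dst, dport, proto in FLOW.findall(dbuf):
        if src == client and dst == server:  # ignore return traffic
            key = (int(proto), int(dport))
            seen[key] = seen.get(key, 0) + 1
    return seen


def missing(dbuf, server, client, expected=EXPECTED):
    """Names of expected flows that never showed up in the debug buffer."""
    seen = ports_seen(dbuf, server, client)
    return [name for name, key in expected.items() if key not in seen]


if __name__ == "__main__":
    print("seen:", ports_seen(SAMPLE, "1.1.1.1", "2.2.2.2"))
    print("never reached the firewall:", missing(SAMPLE, "1.1.1.1", "2.2.2.2"))
```

A flow listed as missing never arrived at the NetScreen, so the place to look is filtering in front of it; a flow that is present but still fails points at policy on the firewall itself.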

