Tuesday, September 8, 2020

Check Point Site-to-Site IPsec VPN

We've just set up an IPsec VPN between us and a third party. No NAT has been done, and so the "disable NAT inside tunnel" checkbox has been checked.

The tunnel seems to be OK, but the intended traffic is dropping and I cannot understand why. The encryption domain of the customer that has been configured in the VPN community contains the subnets we are dealing with on the other side. In our encryption domain, I added the device in question that needs to be accessible, an internal FTP server.

Now the thing is that FTP traffic to this internal server is dropping and I cannot understand why. The IPsec rules are well above the regular firewall policy.

How can I troubleshoot this further to find out where I'm doing something wrong? The Phase 1 and Phase 2 tunnels are established; only the traffic is not flowing.

I see in the logs that the traffic is being decrypted. Then I see it's being dropped due to not matching any rule? But like I said, the IPsec rules are well above anything else.

Source -> Destination: Encryption domain customer -> device on our side (internal FTP)
Service: Any
VPN: VPN community configured for this customer
Action: Accept
Track: Log

To be clear, I'm far from an expert, and it's sometimes a pain to get something regular to work, just like this.

All help is much appreciated.
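The following is an added example, not code from the post above or from Check Point: a small Python model of how a rule whose VPN column names a community is matched. The point it demonstrates is that such a rule does not match on its Source and Destination columns alone; the flow must also lie between the peer's encryption domain and our own, so a decrypted packet whose endpoints are not both in the community's domains falls through to the cleanup drop even though the rule is at the top of the policy. All addresses, rule names, the community name `Customer_VPN` and the flows are constructed for illustration; the model ignores NAT, stateful inspection and implied rules.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

Net = ipaddress.IPv4Network


def nets(*cidrs: str) -> list[Net]:
    """Build a list of networks from CIDR strings (a single host becomes a /32)."""
    return [ipaddress.ip_network(c) for c in cidrs]


def in_any(addr: ipaddress.IPv4Address, networks: list[Net]) -> bool:
    return any(addr in n for n in networks)


@dataclass
class Community:
    """A VPN community: the peer's encryption domain and ours (constructed)."""
    name: str
    peer_domain: list[Net]
    local_domain: list[Net]

    def inside_tunnel(self, a: ipaddress.IPv4Address, b: ipaddress.IPv4Address) -> bool:
        # A flow belongs to the community only if one endpoint is in the peer's
        # domain and the other in ours (either direction). Modelled simplification.
        return (in_any(a, self.peer_domain) and in_any(b, self.local_domain)) or \
               (in_any(b, self.peer_domain) and in_any(a, self.local_domain))


@dataclass
class Rule:
    name: str
    sources: list[Net]
    destinations: list[Net]
    services: Optional[set[tuple[str, int]]]  # None means "Any"
    vpn: Optional[str]                        # community name; None means "Any"
    action: str


def first_match(rules: list[Rule], communities: dict[str, Community], flow: dict):
    """Return (rule name, action) of the first matching rule, or the cleanup drop."""
    src = ipaddress.ip_address(flow["src"])
    dst = ipaddress.ip_address(flow["dst"])
    svc = (flow["proto"], flow["dport"])
    for rule in rules:
        if not in_any(src, rule.sources) or not in_any(dst, rule.destinations):
            continue
        if rule.services is not None and svc not in rule.services:
            continue
        # A rule whose VPN column names a community matches only traffic that is
        # part of that community's tunnel, regardless of its Source/Destination.
        if rule.vpn is not None and not communities[rule.vpn].inside_tunnel(src, dst):
            continue
        return rule.name, rule.action
    return "cleanup", "drop"


# --- constructed data; none of these addresses or names come from the post ---
CUSTOMER_SUBNETS = nets("10.20.0.0/24", "10.21.0.0/24")   # peer encryption domain
FTP_SERVER = nets("192.168.50.10/32")                      # our internal FTP server


def build_policy(local_domain: list[Net]):
    """The rule shape from the post (customer -> FTP, Any, community, Accept)
    followed by an ordinary non-VPN rule, with our encryption domain as given."""
    community = Community("Customer_VPN", CUSTOMER_SUBNETS, local_domain)
    rules = [
        Rule("customer-to-ftp", CUSTOMER_SUBNETS, FTP_SERVER, None, community.name, "accept"),
        Rule("lan-web-out", nets("192.168.0.0/16"), nets("0.0.0.0/0"),
             {("tcp", 80), ("tcp", 443)}, None, "accept"),
    ]
    return rules, {community.name: community}


FLOWS = [
    {"src": "10.20.0.15", "dst": "192.168.50.10", "proto": "tcp", "dport": 21},     # FTP control channel
    {"src": "10.20.0.15", "dst": "192.168.50.10", "proto": "tcp", "dport": 50123},  # passive-mode data channel
    {"src": "10.20.0.15", "dst": "192.168.50.11", "proto": "tcp", "dport": 21},     # wrong destination host
    {"src": "10.30.0.5",  "dst": "192.168.50.10", "proto": "tcp", "dport": 21},     # source outside customer domain
]


def evaluate(flows: list[dict], local_domain: list[Net]) -> list[tuple[str, str]]:
    rules, communities = build_policy(local_domain)
    return [first_match(rules, communities, f) for f in flows]


if __name__ == "__main__":
    for label, domain in (("FTP server in our encryption domain", FTP_SERVER),
                          ("FTP server NOT in our encryption domain", nets("192.168.60.0/24"))):
        print(label)
        for flow, (rule, action) in zip(FLOWS, evaluate(FLOWS, domain)):
            print(f"  {flow['src']:>12} -> {flow['dst']}:{flow['dport']:<5} {action:<6} ({rule})")
```

Running it with the FTP server inside our encryption domain accepts the control and passive data channels (Service is Any, so the high data port matches too) and drops the flow to the wrong host and the one from a source outside the customer's subnets. With the FTP server left out of our encryption domain, the very same FTP flow hits the cleanup drop although the rule's Source and Destination columns match it, which is what "dropped, no rule matched" looks like for a packet the gateway has already decrypted.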