Announcement

Collapse
No announcement yet.

Problem accessing server, IPSec

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Problem accessing server, IPSec

    Hi guys!

    We have 2 Cyberoam firewall, connected with IPSec, which everything is working fine except one thing.

    Subnet 10.1.*.* can access all server (2003 or 2008 ) over the subnet 10.0.*.* , or ping. On the other side, it's the same thing except 1 server, which is a 2008 and the only of the branch.

    I can't ping the server, can't access it. We have no firewall onthe server enabled, only NOD32, and when it's disable, it doesn't change anything.

    Any idea? I doubt it's the firewall related (cyberoam) since I can ping or access all the other server, and there is no rule to block this.

    Thanks if anyone can help me.

    Christ
    Last edited by biggles77; 10th March 2012, 20:35. Reason: Fix 8) smilie issue

  • #2
    Re: Problem accessing server, IPSec

    Not familiar with those devices, but have you checked the logs on the firewall?
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)

    Comment


    • #3
      Re: Problem accessing server, IPSec

      Can the server at the other end 'see' anything at that end like user PCs, etc.? Assuming there's a fixed IP and correct network mask, that server should at least be able to ping it's own gateway. If not, it's most likely the server networking (drivers, settings, cabling) or the switch/router port it's plugged into.
      *RicklesP*
      MSCA (2003/XP), Security+, CCNA

      ** Remember: credit where credit is due, and reputation points as appropriate **

      Comment


      • #4
        Re: Problem accessing server, IPSec

        Hi.

        Thanks for your replies. Finally, I've been able to do a packet capture (Thanks for the CLI access). I found that the distant will ping, I can capture the packet on the other firewall, but it won't reach the destination.

        The one not accessible doesn't reach the firewall when pinging. I'll need to look at that server, but GPO has been set to disable firewall for all computer and server. It use nod32 (no firewall). I'll start by restarting the server first and see.


        Just to let you know, all server can see computer, and can ping except that server in 10.1.*.* . I can ping all local network, but not throught the IPSec, might be something in the firewall which hasn't been disable..

        Comment


        • #5
          Re: Problem accessing server, IPSec

          Okay, I've done some few test.

          It seems that this server doesn'T want anything from the IPSec, and it doesn't want to let our Scan gun with Windows CE to access the share.

          We have a GPO firewall rule, which disable the firewall (controlled by a 2003 server). I don't know if there could be a problem right there. I will Disable this rule, and force the server to update and see if it works.

          Comment


          • #6
            Re: Problem accessing server, IPSec

            Can you check the subnet mask on the server you can't access? Make sure it's correct.
            Regards,
            Jeremy

            Network Consultant/Engineer
            Baltimore - Washington area and beyond
            www.gma-cpa.com

            Comment


            • #7
              Re: Problem accessing server, IPSec

              I'll check thanks!

              Edit:

              Rick has seems to get me somewhere I didn't double check, and with Jeremy post, I have double checked, subnetmask was at 255.0.0.0 instead of 255.255.255.0. Arggg Why I never saw this. Thanks to the one who set this mask haha


              Well, now I just have the Windows CE that doesn'T connect to the share!
              Last edited by ChristTheGreat; 15th February 2012, 19:34.

              Comment


              • #8
                Re: Problem accessing server, IPSec

                Check the same thing on the Windows CE. When configuring a 10.x.x.x address the SNM defaults to a class A which would make the devices think everything is on the LAN and would try and send the traffic directly instead of to the gateway.
                Regards,
                Jeremy

                Network Consultant/Engineer
                Baltimore - Washington area and beyond
                www.gma-cpa.com

                Comment


                • #9
                  Re: Problem accessing server, IPSec

                  Sorry for long delay xD, I didn'T had time working on the windows CE, the new building construction is done and I need to install new server for our second building haha!

                  I'll give a try and see on those windows CE, I'll post back news about ti next week.

                  Thanks!

                  Comment

                  Working...
                  X