
Subject: Re[4]: Communication breakdown....
From: Stephen Stewart <stewart.stephen,AT,wanadoo,DOT,fr>
Date: Fri, 28 Feb 2003 13:16:47 +0100
In-reply-to: <15319914906.20030226134401@wanadoo.fr>

Hello Damion,

Well, I have a bit more information now, although I don't really
know what it all means, but here goes:

1. I set up a local VPN (on my local subnet) and pinged away all day
without problems.

2. The problem still occurs when connecting to the remote machine
(via the Firebox NAT); everything works fine until ... bang... and our
firewall is blocking packets coming in on a different port than I
would have expected, i.e. normally the packets look a bit like this:

local_ip:6023  <--->   virtual_remote_ip:6023

when things are broken our firewall reports blocking these type
packets:

local_ip:6023  <--->   firewall_ip:32768 (blocked)

this is very strange as the remote machine is set up explicitly to
tunnel to virtual_remote_ip:6023. Also, the ip address of the firewall
NAT box should not be visible to the end nodes.

When a dynamic ip address node (like mine) connects to a static ip
peer node, the static peer node learns the remote ip address from the
incoming packets. In this case, does it also use the port number? And
does this learning mechanism kick in too in the case where the peer
machine is statically defined, i.e. could this explain my problem
above? For example, if our firewall NAT box was misbehaving in some
manner, could this cause my local box to redirect its outgoing traffic
to the wrong ip:port?

-- 
Best regards,
 Stephen                            mailto:stewart.stephen,AT,wanadoo,DOT,fr
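Added illustration for the question above (editor's example, not code from the original message and not the code of the VPN software discussed in the thread): a toy model of a tunnel daemon that learns a peer's endpoint from the source of incoming packets, run with and without taking the source port into account, plus a small check that scans firewall-log lines in the format quoted above and flags any tunnel traffic whose remote side is not the configured peer. The names `Peer`, `learn_endpoint`, `simulate`, `parse_log_line` and `unexpected_destinations` are invented for this example; the sample log lines are constructed from the two lines quoted in the message.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

Endpoint = Tuple[str, int]


@dataclass
class Peer:
    """A tunnel peer as a daemon might track it (hypothetical model)."""
    name: str
    configured: Endpoint                 # ip:port from the static configuration
    learned: Optional[Endpoint] = None   # endpoint taken from incoming packets


def learn_endpoint(peer: Peer, src_ip: str, src_port: int, learn_port: bool) -> Endpoint:
    """Record the source of an incoming packet as the peer's current endpoint.

    With learn_port=False only the address is taken from the packet and the
    configured port is kept; with learn_port=True the source port is taken too.
    """
    port = src_port if learn_port else peer.configured[1]
    peer.learned = (src_ip, port)
    return peer.learned


def destination(peer: Peer) -> Endpoint:
    """Where the next outgoing tunnel packet is sent."""
    return peer.learned if peer.learned is not None else peer.configured


def simulate(incoming: List[Endpoint], learn_port: bool) -> List[Endpoint]:
    """Feed a sequence of packet sources to a static peer entry and return the
    destination the daemon would use after each one."""
    peer = Peer("remote", ("virtual_remote_ip", 6023))
    out = []
    for src_ip, src_port in incoming:
        learn_endpoint(peer, src_ip, src_port, learn_port)
        out.append(destination(peer))
    return out


# Matches the two log formats quoted in the message, e.g.
#   local_ip:6023  <--->   firewall_ip:32768 (blocked)
LOG_RE = re.compile(
    r"^([^\s:]+):(\d+)\s+<--->\s+([^\s:]+):(\d+)(?:\s+\((blocked)\))?\s*$"
)


def parse_log_line(line: str):
    """Return (local_ip, local_port, remote_ip, remote_port, blocked) or None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return (m.group(1), int(m.group(2)), m.group(3), int(m.group(4)),
            m.group(5) == "blocked")


def unexpected_destinations(lines: List[str], expected: Endpoint) -> List[str]:
    """Lines whose remote side differs from the configured peer endpoint.

    A defender can run this over firewall logs to spot a tunnel that has
    started talking to an ip:port other than the one it was configured for.
    """
    bad = []
    for line in lines:
        parsed = parse_log_line(line)
        if parsed is None:
            continue
        _, _, rip, rport, _ = parsed
        if (rip, rport) != expected:
            bad.append(line.strip())
    return bad


# Constructed sample, built from the two lines quoted in the message.
SAMPLE_LOG = [
    "local_ip:6023  <--->   virtual_remote_ip:6023",
    "local_ip:6023  <--->   firewall_ip:32768 (blocked)",
]

if __name__ == "__main__":
    # Constructed packet sources: first the expected peer, then a packet whose
    # source has been rewritten by a NAT device to firewall_ip:32768.
    packets = [("virtual_remote_ip", 6023), ("firewall_ip", 32768)]
    print("learn ip+port:", simulate(packets, learn_port=True))
    print("learn ip only:", simulate(packets, learn_port=False))
    print("unexpected:", unexpected_destinations(SAMPLE_LOG, ("virtual_remote_ip", 6023)))
```

In the model, a daemon that learns both address and port from a NAT-rewritten packet ends up sending its next packets to `firewall_ip:32768`, which is exactly the kind of entry the firewall would then log as blocked; a daemon that learns only the address keeps the configured port. Whether the real software does either is the open question in the message, so the check in `unexpected_destinations` is the useful part for an operator: it flags the mismatch regardless of which mechanism caused it.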
