Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 26 subscribers
  • Views 2664 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Local PPTP server failing to establish connection with remote RRAS server

bprc

Local PPTP server failing to establish connection with remote RRAS server

Hi,

We're trying to establish a VPN connection from a server behind our XG appliance to a remote (WAN) site RRAS server (no firewall). XG is in bridge mode. Connection worked before installing XG appliance.

We have a firewall rule allowing all from the local server.

Connection appears to be failing on the GRE protocol.

Here's a tcpdump of the connection attempt. 10.a.b.254 is local server (behind XG) and 10.x.y.101 is the remote server.

SFV6C8_VM01_SFOS 17.1.1 MR-1# tcpdump 'host 10.x.y.101'
tcpdump: Starting Packet Dump
15:11:12.787629 PortA, IN: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [SEW], seq 293820519, win 8192, options [mss 1460,nop,nop,sackOK], length 0
15:11:12.787629 br0, IN: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [SEW], seq 293820519, win 8192, options [mss 1460,nop,nop,sackOK], length 0
15:11:12.787773 br0, OUT: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [SEW], seq 293820519, win 8192, options [mss 1460,nop,nop,sackOK], length 0
15:11:12.787776 PortB, OUT: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [SEW], seq 293820519, win 8192, options [mss 1460,nop,nop,sackOK], length 0
15:11:12.836127 PortB, IN: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [S.E], seq 1620359996, ack 293820520, win 8192, options [mss 1460,nop,nop,sackOK], length 0
15:11:12.836127 br0, IN: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [S.E], seq 1620359996, ack 293820520, win 8192, options [mss 1460,nop,nop,sackOK], length 0
15:11:12.836205 br0, OUT: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [S.E], seq 1620359996, ack 293820520, win 8192, options [mss 1460,nop,nop,sackOK], length 0
15:11:12.836209 PortA, OUT: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [S.E], seq 1620359996, ack 293820520, win 8192, options [mss 1460,nop,nop,sackOK], length 0
15:11:12.836662 PortA, IN: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [.], ack 1, win 64240, length 0
15:11:12.836662 br0, IN: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [.], ack 1, win 64240, length 0
15:11:12.836686 PortA, IN: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [P.], ack 1, win 64240, length 156: pptp CTRL_MSGTYPE=SCCRQ PROTO_VER(1.0) FRAME_CAP(A) BEARER_CAP(A) MAX_CHAN(0) FIRM_REV(0) [|pptp]
15:11:12.836686 br0, IN: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [P.], ack 1, win 64240, length 156: pptp CTRL_MSGTYPE=SCCRQ PROTO_VER(1.0) FRAME_CAP(A) BEARER_CAP(A) MAX_CHAN(0) FIRM_REV(0) [|pptp]
15:11:12.836951 br0, OUT: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [.], ack 1, win 64240, length 0
15:11:12.836954 PortB, OUT: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [.], ack 1, win 64240, length 0
15:11:12.836958 br0, OUT: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [P.], ack 1, win 64240, length 156: pptp CTRL_MSGTYPE=SCCRQ PROTO_VER(1.0) FRAME_CAP(A) BEARER_CAP(A) MAX_CHAN(0) FIRM_REV(0) [|pptp]
15:11:12.836959 PortB, OUT: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [P.], ack 1, win 64240, length 156: pptp CTRL_MSGTYPE=SCCRQ PROTO_VER(1.0) FRAME_CAP(A) BEARER_CAP(A) MAX_CHAN(0) FIRM_REV(0) [|pptp]
15:11:12.884261 PortB, IN: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [P.], ack 157, win 64240, length 156: pptp CTRL_MSGTYPE=SCCRP PROTO_VER(1.0) RESULT_CODE(1) ERR_CODE(0) FRAME_CAP(S) BEARER_CAP(DA) MAX_CHAN(0) FIRM_REV(0) [|pptp]
15:11:12.884261 br0, IN: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [P.], ack 157, win 64240, length 156: pptp CTRL_MSGTYPE=SCCRP PROTO_VER(1.0) RESULT_CODE(1) ERR_CODE(0) FRAME_CAP(S) BEARER_CAP(DA) MAX_CHAN(0) FIRM_REV(0) [|pptp]
15:11:12.884419 br0, OUT: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [P.], ack 157, win 64240, length 156: pptp CTRL_MSGTYPE=SCCRP PROTO_VER(1.0) RESULT_CODE(1) ERR_CODE(0) FRAME_CAP(S) BEARER_CAP(DA) MAX_CHAN(0) FIRM_REV(0) [|pptp]
15:11:12.884422 PortA, OUT: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [P.], ack 157, win 64240, length 156: pptp CTRL_MSGTYPE=SCCRP PROTO_VER(1.0) RESULT_CODE(1) ERR_CODE(0) FRAME_CAP(S) BEARER_CAP(DA) MAX_CHAN(0) FIRM_REV(0) [|pptp]
15:11:12.885072 PortA, IN: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [P.], ack 157, win 64084, length 168: pptp CTRL_MSGTYPE=OCRQ CALL_ID(256) CALL_SER_NUM(706) MIN_BPS(300) MAX_BPS(100000000) BEARER_TYPE(Any) FRAME_TYPE(E) RECV_WIN(64) PROC_DELAY(0) [|pptp]
15:11:12.885072 br0, IN: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [P.], ack 157, win 64084, length 168: pptp CTRL_MSGTYPE=OCRQ CALL_ID(256) CALL_SER_NUM(706) MIN_BPS(300) MAX_BPS(100000000) BEARER_TYPE(Any) FRAME_TYPE(E) RECV_WIN(64) PROC_DELAY(0) [|pptp]
15:11:12.885239 br0, OUT: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [P.], ack 157, win 64084, length 168: pptp CTRL_MSGTYPE=OCRQ CALL_ID(256) CALL_SER_NUM(706) MIN_BPS(300) MAX_BPS(100000000) BEARER_TYPE(Any) FRAME_TYPE(E) RECV_WIN(64) PROC_DELAY(0) [|pptp]
15:11:12.885242 PortB, OUT: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [P.], ack 157, win 64084, length 168: pptp CTRL_MSGTYPE=OCRQ CALL_ID(256) CALL_SER_NUM(706) MIN_BPS(300) MAX_BPS(100000000) BEARER_TYPE(Any) FRAME_TYPE(E) RECV_WIN(64) PROC_DELAY(0) [|pptp]
15:11:12.918956 PortB, IN: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [P.], ack 325, win 64072, length 32: pptp CTRL_MSGTYPE=OCRP CALL_ID(7920) PEER_CALL_ID(256) RESULT_CODE(1) ERR_CODE(0) CAUSE_CODE(0) CONN_SPEED(14945108) RECV_WIN(16384) PROC_DELAY(0) PHY_CHAN_ID(0)
15:11:12.918956 br0, IN: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [P.], ack 325, win 64072, length 32: pptp CTRL_MSGTYPE=OCRP CALL_ID(7920) PEER_CALL_ID(256) RESULT_CODE(1) ERR_CODE(0) CAUSE_CODE(0) CONN_SPEED(14945108) RECV_WIN(16384) PROC_DELAY(0) PHY_CHAN_ID(0)
15:11:12.919109 br0, OUT: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [P.], ack 325, win 64072, length 32: pptp CTRL_MSGTYPE=OCRP CALL_ID(7920) PEER_CALL_ID(256) RESULT_CODE(1) ERR_CODE(0) CAUSE_CODE(0) CONN_SPEED(14945108) RECV_WIN(16384) PROC_DELAY(0) PHY_CHAN_ID(0)
15:11:12.919112 PortA, OUT: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [P.], ack 325, win 64072, length 32: pptp CTRL_MSGTYPE=OCRP CALL_ID(7920) PEER_CALL_ID(256) RESULT_CODE(1) ERR_CODE(0) CAUSE_CODE(0) CONN_SPEED(14945108) RECV_WIN(16384) PROC_DELAY(0) PHY_CHAN_ID(0)
15:11:12.921548 PortA, IN: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [P.], ack 189, win 64052, length 24: pptp CTRL_MSGTYPE=SLI PEER_CALL_ID(7920) SEND_ACCM(0xffffffff) RECV_ACCM(0xffffffff)
15:11:12.921548 br0, IN: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [P.], ack 189, win 64052, length 24: pptp CTRL_MSGTYPE=SLI PEER_CALL_ID(7920) SEND_ACCM(0xffffffff) RECV_ACCM(0xffffffff)
15:11:12.921697 br0, OUT: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [P.], ack 189, win 64052, length 24: pptp CTRL_MSGTYPE=SLI PEER_CALL_ID(7920) SEND_ACCM(0xffffffff) RECV_ACCM(0xffffffff)
15:11:12.921700 PortB, OUT: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [P.], ack 189, win 64052, length 24: pptp CTRL_MSGTYPE=SLI PEER_CALL_ID(7920) SEND_ACCM(0xffffffff) RECV_ACCM(0xffffffff)
15:11:12.922507 PortA, IN: IP 10.a.b.254 > 10.x.y.101: GREv1, call 7920, seq 0, length 37: LCP, Conf-Request (0x01), id 0, length 23
15:11:12.922507 br0, IN: IP 10.a.b.254 > 10.x.y.101: GREv1, call 7920, seq 0, length 37: LCP, Conf-Request (0x01), id 0, length 23
15:11:12.922629 br0, OUT: IP 10.a.b.254 > 10.x.y.101: GREv1, call 7920, seq 0, length 37: LCP, Conf-Request (0x01), id 0, length 23
15:11:12.922631 PortB, OUT: IP 10.a.b.254 > 10.x.y.101: GREv1, call 7920, seq 0, length 37: LCP, Conf-Request (0x01), id 0, length 23
15:11:12.970448 PortB, IN: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [.], ack 349, win 64048, length 0
15:11:12.970448 br0, IN: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [.], ack 349, win 64048, length 0
15:11:12.970561 br0, OUT: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [.], ack 349, win 64048, length 0
15:11:12.970563 PortA, OUT: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [.], ack 349, win 64048, length 0
15:11:14.926293 PortA, IN: IP 10.a.b.254 > 10.x.y.101: GREv1, call 7920, seq 1, length 37: LCP, Conf-Request (0x01), id 1, length 23
15:11:14.926428 PortB, OUT: IP 10.a.b.254 > 10.x.y.101: GREv1, call 7920, seq 1, length 37: LCP, Conf-Request (0x01), id 1, length 23
15:11:17.941856 PortA, IN: IP 10.a.b.254 > 10.x.y.101: GREv1, call 7920, seq 2, length 37: LCP, Conf-Request (0x01), id 2, length 23
15:11:17.941890 PortB, OUT: IP 10.a.b.254 > 10.x.y.101: GREv1, call 7920, seq 2, length 37: LCP, Conf-Request (0x01), id 2, length 23
15:11:21.989225 PortA, IN: IP 10.a.b.254 > 10.x.y.101: GREv1, call 7920, seq 3, length 37: LCP, Conf-Request (0x01), id 3, length 23
15:11:21.989254 PortB, OUT: IP 10.a.b.254 > 10.x.y.101: GREv1, call 7920, seq 3, length 37: LCP, Conf-Request (0x01), id 3, length 23
15:11:26.005141 PortA, IN: IP 10.a.b.254 > 10.x.y.101: GREv1, call 7920, seq 4, length 37: LCP, Conf-Request (0x01), id 4, length 23
15:11:26.005176 PortB, OUT: IP 10.a.b.254 > 10.x.y.101: GREv1, call 7920, seq 4, length 37: LCP, Conf-Request (0x01), id 4, length 23
15:11:30.051913 PortA, IN: IP 10.a.b.254 > 10.x.y.101: GREv1, call 7920, seq 5, length 37: LCP, Conf-Request (0x01), id 5, length 23
15:11:30.051941 PortB, OUT: IP 10.a.b.254 > 10.x.y.101: GREv1, call 7920, seq 5, length 37: LCP, Conf-Request (0x01), id 5, length 23
15:11:34.114381 PortA, IN: IP 10.a.b.254 > 10.x.y.101: GREv1, call 7920, seq 6, length 37: LCP, Conf-Request (0x01), id 6, length 23
15:11:34.114410 PortB, OUT: IP 10.a.b.254 > 10.x.y.101: GREv1, call 7920, seq 6, length 37: LCP, Conf-Request (0x01), id 6, length 23
15:11:38.146109 PortA, IN: IP 10.a.b.254 > 10.x.y.101: GREv1, call 7920, seq 7, length 37: LCP, Conf-Request (0x01), id 7, length 23
15:11:38.146146 PortB, OUT: IP 10.a.b.254 > 10.x.y.101: GREv1, call 7920, seq 7, length 37: LCP, Conf-Request (0x01), id 7, length 23
15:11:42.177494 PortA, IN: IP 10.a.b.254 > 10.x.y.101: GREv1, call 7920, seq 8, length 37: LCP, Conf-Request (0x01), id 8, length 23
15:11:42.177527 PortB, OUT: IP 10.a.b.254 > 10.x.y.101: GREv1, call 7920, seq 8, length 37: LCP, Conf-Request (0x01), id 8, length 23
15:11:46.224285 PortA, IN: IP 10.a.b.254 > 10.x.y.101: GREv1, call 7920, seq 9, length 37: LCP, Conf-Request (0x01), id 9, length 23
15:11:46.224294 PortB, OUT: IP 10.a.b.254 > 10.x.y.101: GREv1, call 7920, seq 9, length 37: LCP, Conf-Request (0x01), id 9, length 23
15:11:49.754325 PortB, IN: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [P.], ack 349, win 64048, length 16: pptp CTRL_MSGTYPE=CCRQ CALL_ID(7920)
15:11:49.754325 br0, IN: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [P.], ack 349, win 64048, length 16: pptp CTRL_MSGTYPE=CCRQ CALL_ID(7920)
15:11:49.754398 br0, OUT: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [P.], ack 349, win 64048, length 16: pptp CTRL_MSGTYPE=CCRQ CALL_ID(7920)
15:11:49.754403 PortA, OUT: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [P.], ack 349, win 64048, length 16: pptp CTRL_MSGTYPE=CCRQ CALL_ID(7920)
15:11:49.755187 PortA, IN: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [P.], ack 205, win 64036, length 148: pptp CTRL_MSGTYPE=CDN CALL_ID(16037) RESULT_CODE(0) ERR_CODE(0) CAUSE_CODE(0) [|pptp]
15:11:49.755187 br0, IN: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [P.], ack 205, win 64036, length 148: pptp CTRL_MSGTYPE=CDN CALL_ID(16037) RESULT_CODE(0) ERR_CODE(0) CAUSE_CODE(0) [|pptp]
15:11:49.755324 br0, OUT: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [P.], ack 205, win 64036, length 148: pptp CTRL_MSGTYPE=CDN CALL_ID(16037) RESULT_CODE(0) ERR_CODE(0) CAUSE_CODE(0) [|pptp]
15:11:49.755327 PortB, OUT: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [P.], ack 205, win 64036, length 148: pptp CTRL_MSGTYPE=CDN CALL_ID(16037) RESULT_CODE(0) ERR_CODE(0) CAUSE_CODE(0) [|pptp]
15:11:49.801104 PortB, IN: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [.], ack 497, win 63900, length 0
15:11:49.801104 br0, IN: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [.], ack 497, win 63900, length 0
15:11:49.801235 br0, OUT: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [.], ack 497, win 63900, length 0
15:11:49.801238 PortA, OUT: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [.], ack 497, win 63900, length 0
15:11:49.801574 PortA, IN: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [P.], ack 205, win 64036, length 16: pptp CTRL_MSGTYPE=StopCCRQ REASON(1)
15:11:49.801574 br0, IN: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [P.], ack 205, win 64036, length 16: pptp CTRL_MSGTYPE=StopCCRQ REASON(1)
15:11:49.801743 br0, OUT: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [P.], ack 205, win 64036, length 16: pptp CTRL_MSGTYPE=StopCCRQ REASON(1)
15:11:49.801746 PortB, OUT: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [P.], ack 205, win 64036, length 16: pptp CTRL_MSGTYPE=StopCCRQ REASON(1)
15:11:49.839633 PortB, IN: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [P.], ack 513, win 63884, length 16: pptp CTRL_MSGTYPE=StopCCRP RESULT_CODE(1) ERR_CODE(0)
15:11:49.839633 br0, IN: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [P.], ack 513, win 63884, length 16: pptp CTRL_MSGTYPE=StopCCRP RESULT_CODE(1) ERR_CODE(0)
15:11:49.839775 br0, OUT: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [P.], ack 513, win 63884, length 16: pptp CTRL_MSGTYPE=StopCCRP RESULT_CODE(1) ERR_CODE(0)
15:11:49.839778 PortA, OUT: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [P.], ack 513, win 63884, length 16: pptp CTRL_MSGTYPE=StopCCRP RESULT_CODE(1) ERR_CODE(0)
15:11:49.840372 PortA, IN: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [F.], seq 513, ack 221, win 64020, length 0
15:11:49.840372 br0, IN: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [F.], seq 513, ack 221, win 64020, length 0
15:11:49.840439 br0, OUT: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [F.], seq 513, ack 221, win 64020, length 0
15:11:49.840442 PortB, OUT: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [F.], seq 513, ack 221, win 64020, length 0
15:11:49.889884 PortB, IN: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [.], ack 514, win 63884, length 0
15:11:49.889884 br0, IN: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [.], ack 514, win 63884, length 0
15:11:49.889945 br0, OUT: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [.], ack 514, win 63884, length 0
15:11:49.889948 PortA, OUT: IP 10.x.y.101.1723 > 10.a.b.254.57327: Flags [.], ack 514, win 63884, length 0
15:11:49.890359 PortA, IN: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [R.], seq 514, ack 221, win 0, length 0
15:11:49.890359 br0, IN: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [R.], seq 514, ack 221, win 0, length 0
15:11:49.890423 br0, OUT: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [R.], seq 514, ack 221, win 0, length 0
15:11:49.890425 PortB, OUT: IP 10.a.b.254.57327 > 10.x.y.101.1723: Flags [R.], seq 514, ack 221, win 0, length 0

Any thoughts on what we need to do get this working?

Cheers



This thread was automatically locked due to age.