
IPSEC tunnel not using correct ports

Hi,

I am using IPSec on our XG325 FW, and since yesterday there have been problems reaching the remote site after upgrading to 17.5 MR8.

All along we have been using Port 7 for the IPSec tunnels between sites, and this setting is inside the IPSec tunnel creation. However, when we checked the system via the console (using the system diagnostics utilities netconf route list command), we found that the traffic was tagged to Port 6 instead. I believe this is the reason why part of the services to the remote sites are down, since those that are running had fw rules created. How can we make sure of this and change the traffic back to Port 7 of the fw? The tunnel created already did indicate the use of Port 7 to route the traffic, and the tunnel was up and running.

Any advice will be really helpful.

Thanks! 



  • Are both Ports used as WAN Ports? Who builds up the connection? 

  • Hi LuCar,

    Nope. Port 6 is on LAN while Port 7 is on WAN. I know the setup should not be like this, but once I add a static route to one of the remote sites, everything works. The route precedence is VPN, policy, static, so I do not know why it does not use the IPSec site-to-site to route traffic via Port 7.

    Thanks!
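A way to verify the mismatch described in this thread, added here as an example and not code from the thread or from Sophos: it does a longest-prefix match of each tunnel's remote network against a route table and flags any remote network whose egress interface is not the expected WAN port. The route entries, tunnel definitions and port names are constructed, and the table layout is a simplification for the check, not the netconf route list output format.

```python
"""Check that each IPsec remote network egresses via the expected WAN port."""
import ipaddress

# Constructed sample route table: (destination prefix, egress interface).
# This is NOT real netconf output; entries are transcribed in a simple form.
ROUTES = [
    ("0.0.0.0/0", "Port7"),          # default route out the WAN port
    ("192.168.10.0/24", "Port6"),    # local LAN
    ("10.20.0.0/16", "Port6"),       # remote VPN subnet wrongly bound to the LAN port
    ("10.30.0.0/24", "Port7"),       # remote VPN subnet on the WAN port
]

# Constructed tunnel definitions: remote networks and the WAN port each should use.
TUNNELS = {
    "site-A": {"remote": ["10.20.0.0/16"], "expected_if": "Port7"},
    "site-B": {"remote": ["10.30.0.0/24"], "expected_if": "Port7"},
}


def egress_interface(dst, routes):
    """Longest-prefix match of dst (an address or prefix) against routes.

    Returns the egress interface of the most specific matching route, or None.
    """
    target = ipaddress.ip_network(dst, strict=False)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if net.version == target.version and target.subnet_of(net):
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, iface)
    return best[1] if best else None


def check_tunnels(tunnels, routes):
    """Map tunnel name -> [(remote network, actual interface)] for mismatches."""
    problems = {}
    for name, tunnel in tunnels.items():
        bad = []
        for remote in tunnel["remote"]:
            actual = egress_interface(remote, routes)
            if actual != tunnel["expected_if"]:
                bad.append((remote, actual))
        if bad:
            problems[name] = bad
    return problems


if __name__ == "__main__":
    for name, bad in check_tunnels(TUNNELS, ROUTES).items():
        print(name, "leaves via the wrong interface:", bad)
```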

  • Tan,

    you have 2 choices:

    • recreate the IPSec from scratch
    • Open a ticket with the support so they can investigate what went wrong.

    Please let us know.

  • Hi Iferrara,

    Thanks for the reply.

    In actual fact, I had recreated 2 of the 3 tunnels affected and made sure that the remote and local networks are the same, using DNS (for one site) and IP (for another site). The tunnel can be established, but again the same issue is there. It's still going out via Port 6, which is the LAN, while the IPSec tunnels are supposed to use Port 7.

    Any suggestions?

    I had also raised a ticket with support and have yet to hear from them.

    Thanks!

    Tan

  • Ok. So something is not working correctly.

    Support will assist and find the issue in the advanced shell. Somewhere in the conf folder there is a mismatch, or the tunnel you deleted is not deleting all the files.

    Please let us know.

    Regards