This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

FTPservices Definition collides with DNS for VPN

Hi,

I have 2 external WAN Interfaces. WAN1 handles SSL VPNs and WAN2 handles FTP and HTTP traffic. WAN1 owns primary uplink IP.

I have the following policy routes:
1. INT -> WebSurfing -> WAN2
2. INT -> FTP -> WAN2
with VPN established, that works.

If I change the 2. policy Route from FTP to FTPServices, which includes (FTP, FTPES and FTP_Port_Range_IANA), VPN works, but without DNS lookups.

FTP_Port_Range_IANA is defined by: 1:65535 → 49152:63000

Looks like that port range 49152 to 63000 overlaps DNS requests from VPN clients and will be routed through the wrong interface WAN2 and not WAN1.

How can I solve that ?

This thread was automatically locked due to age.

Parents

0 BAlfson over 15 years ago

Stefan, have you done a packet capture to confirm this? Do you have your internal DNS listed first for DNS on 'Remote Access >> Advanced'? Do you also have policy routes for the "VPN Pool (SSL)"?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 15 years ago

Stefan, have you done a packet capture to confirm this? Do you have your internal DNS listed first for DNS on 'Remote Access >> Advanced'? Do you also have policy routes for the "VPN Pool (SSL)"?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 sfischer over 15 years ago in reply to BAlfson

in Advanced Tab I have my internal DNS server Ip Addr set.

I have no Policy Route for VPN SSL.

If I set one, doesn't it inferre with Uplink Monitoring Actions ?
Cancel
Vote Up 0 Vote Down

Cancel