Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 2 subscribers
  • Views 574 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Odd Hardware layout help needed

Faledorian
I am running ASG 8.102 Home that is in an odd hardware configuration and need some advise. Here is the hardware layout.

Cable Modem

Cisco RV042 Dual WAN Router-(Have a few PC's directly connected to the 4 port switch and not going through the ASG box)

ASG Box with packet filtering, transparent proxy -IPS turned off.

The rest of my Computers- Having some dropped packets in and out that seem to be causing hiccups in the traffic.

00:24 FaleSRV ulogd[5544]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcmac="0:16:e3:af:4e:f8" dstmac="0:1a:92:26:46:cf" srcip="192.168.2.8" dstip="98.139.60.154" proto="6" length="52" tos="0x00" prec="0x00" ttl="127" srcport="49211" dstport="843" tcpflags="SYN" 
2011:02:19-00:00:27 FaleSRV ulogd[5544]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcmac="0:16:e3:af:4e:f8" dstmac="0:1a:92:26:46:cf" srcip="192.168.2.8" dstip="98.139.60.154" proto="6" length="52" tos="0x00" prec="0x00" ttl="127" srcport="49211" dstport="843" tcpflags="SYN" 

and

2011:02:19-04:25:31 FaleSRV ulogd[5544]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1a:92:26:46:cf" srcip="173.193.11.36" dstip="192.168.2.9" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="49859" tcpflags="RST"


This thread was automatically locked due to age.
Parents
  • 0
    ASG is not in bridge mode, has masquerading configure as internal> external
    packet filter has rules to allow traffic and only a few cases are not making it through to the internet.

    Should I remove the Router or is there another fix that you can suggest to resolve the hiccups?

    Any help will be appreciated.
Reply
  • 0
    ASG is not in bridge mode, has masquerading configure as internal> external
    packet filter has rules to allow traffic and only a few cases are not making it through to the internet.

    Should I remove the Router or is there another fix that you can suggest to resolve the hiccups?

    Any help will be appreciated.
Children
  • 0 in reply to Faledorian
    Hi,
    the simplest approach to using an ASG is
    1/. router in bridge mode so ASG handles authentication
    2/. a MASQ rule internal to external
    3/. http/s proxy in transparent mode
    4/. a packet filter rule internal network -> any (protocol) -> any (internet) -> allow


    That will work and allow you to build more complex filters as you want to block traffic.

    What you are seeing is not dropped or blocked traffic that is affecting your users but some site responding from a different server to that which setup the original connection at least that is my understanding. I see similar type of traffic in my logs, but that doesn't stop the users from surfing or downloading.

    Ian M