This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ISAKMP Traffic being dropped

Hello,

I'm having a problem where all the ISAKMP packets trying to pass through the firewall are being dropped. I have a rule at number 1 and 2 to allow ISAKMP to pass between the two endpoints and originally the traffic was leaving the firewall ok, but now there appears to be two entries on the Filter LiveLog screen under Chain FIX_CONNTRACK which are overwriting my rules and dropping the ISAKMP traffic between the endpoints.
Where have these rules come from and can I somehow get around/rid of these?

Regards,
Fred.

Additionally, the FIX_CONNTRACK entries are not permanent, after not passing using any ISAKMP traffic for a while I have noticed the entries must be timing out and are removed. About 10-15 minutes after using it again the FIX_CONNTRACK entries are returning...
Any suggestions would be appreciated.

This thread was automatically locked due to age.

0 cyclops over 21 years ago

fnerk,

just guessing due to missing version information - in version 4 an up2date could be helpful in case you have set the allow rules for ISAKMP (UDP/500) to log-allow - there was a stupid bug in conjunction with FIX_CONNTRACK.

Greetings
cyclops
Cancel
Vote Up 0 Vote Down

Cancel