Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Subscribers 4 subscribers
  • Views 6814 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can't Connect to External VPN from behind UTM 9

TNT

Hi,

I installed a SG115W (running 9.409-9) at a client site last week. 

All users work on a RD server where some Cisco VPN software is install. The VPN connection is called in to action when they need to do a lodgement through MYOB. The VPN connection works fine when using their old router so it does not appear to be an issue with the 3rd party.

I believe the VPN is IPSec/TCP on port 10000. I've added in the appropriate firewall rules based on that information and have added in the other IPSec VPN service group without luck. I have had a Sophos engineer remote on an troubleshoot it and it sort of stumped him as well. He played with the rules and thought it all looked OK. I even put in an Any - Any - Any rule without luck. I can see some of the traffic being allowed via the logs but it never establishes the connection.

This afternoon I played with disabling IPS and Advanced Threat Protection and re-enabling but setting exceptions without luck.

The client has another lodegement process that uses some other VPN service and I was able to successfully allow that with a rule. Right now, the work around we have in place is for the client to plug their old router in for 10 minutes every day to complete this process.

Any ideas?



This thread was automatically locked due to age.
  • 0

    Hi TNT,

    Show us packetfilter.log entries for the destination IP address on which the VPN connection is attempted. This will give us some idea of the cause of the issue. 

    Thanks 

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    Only see the one when trying to connect the VPN:

    2017:01:16-09:52:13 utm ulogd[20348]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="1" initf="br0" outitf="eth1" srcmac="00:0c:29:5b:c7:e9" dstmac="00:1a:8c:45:62:e4" srcip="10.0.0.14" dstip="61.88.100.161" proto="6" length="40" tos="0x00" prec="0x00" ttl="127" srcport="59227" dstport="10000" tcpflags="SYN"

  • 0 in reply to TNT

    Hi,

    Are you connecting from srcip="10.0.0.14" to the dstip="61.88.100.161? The packetfilter log shows the action on TCP traffic as accept.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0

    My first guess would be to recommend #3.1 in Rulz.  If that's not it, check the Intrusion Prevention Live Log when you attempt a connection, or just look in that log at the time of the Firewall log line you showed above.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi BAlfson,

    I believe I'm meeting all of #3.1 guidelines. See Masquerade settings below and and everyone has the Internal Address as their default gateway. Only 2 NIC's are in play. One is connected to the WAN and other to LAN. Intrusion Prevention Log is completely empty.

     - Yep, it shows as accepted but get no further love.

  • 0 in reply to TNT

    Hi TNT,

    Time for a packet capture. Please follow this KBA and send us the pcap file.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    Hi.

     

    Sachin - I can't figure out how to extract the pcap file after running tcpdump host 10.0.0.14 -w /home/login/dump.pcap so I just ran tcpdump host 10.0.0.14 and copied the output from the ssh console. Let me know if I need to run a different command (different interface or host, etc) and maybe a way to extract the pcap file.

     

    The VPN service is hosted at 61.88.100.161 which appears in the dump a few times as 61.88.100.161.ndmp. According to my Googling, ndmp =  Network Data Management Protocol which is normally hosted on port TCP 10000.

     

    Fullscreen 8623.tcpdump.txt Download 
    09:12:24.117135 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 4100239436:4100239665, ack 3800806614, win 63022, length 229
09:12:24.151901 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 1:102, ack 0, win 260, length 101
09:12:24.153261 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 102:203, ack 0, win 260, length 101
09:12:24.153334 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 203:304, ack 0, win 260, length 101
09:12:24.153414 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 304:405, ack 0, win 260, length 101
09:12:24.153524 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 203, win 62820, length 0
09:12:24.153615 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 405, win 64000, length 0
09:12:24.153861 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 405:506, ack 0, win 260, length 101
09:12:24.157671 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 506:607, ack 0, win 260, length 101
09:12:24.157726 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 607:692, ack 0, win 260, length 85
09:12:24.157908 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 607, win 63798, length 0
09:12:24.212039 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 692, win 63713, length 0
09:12:24.293918 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 692:777, ack 0, win 260, length 85
09:12:24.293939 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 777:862, ack 0, win 260, length 85
09:12:24.294231 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 862, win 63543, length 0
09:12:24.300814 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 862:963, ack 0, win 260, length 101
09:12:24.300835 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 963:1064, ack 0, win 260, length 101
09:12:24.301055 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 1064, win 63341, length 0
09:12:24.301775 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 1064:1149, ack 0, win 260, length 85
09:12:24.318862 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 1149:1234, ack 229, win 259, length 85
09:12:24.319096 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 1234, win 63171, length 0
09:12:24.328754 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 1234:1335, ack 229, win 259, length 101
09:12:24.385083 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 1335, win 63070, length 0
09:12:24.455964 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 1335:1436, ack 229, win 259, length 101
09:12:24.455985 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 1436:1521, ack 229, win 259, length 85
09:12:24.456300 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 1521, win 62884, length 0
09:12:24.456982 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 1521:1622, ack 229, win 259, length 101
09:12:24.458065 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 1622:1707, ack 229, win 259, length 85
09:12:24.458083 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 1707:1792, ack 229, win 259, length 85
09:12:24.458287 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 1707, win 64000, length 0
09:12:24.459939 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 1792:1893, ack 229, win 259, length 101
09:12:24.460160 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 1893, win 63814, length 0
09:12:24.600852 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 1893:1978, ack 229, win 259, length 85
09:12:24.602127 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 1978:2063, ack 229, win 259, length 85
09:12:24.602394 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 2063, win 63644, length 0
09:12:24.663279 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 229:442, ack 2063, win 63644, length 213
09:12:24.766741 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 2063:2148, ack 229, win 259, length 85
09:12:24.767740 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 2148:2249, ack 229, win 259, length 101
09:12:24.767921 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 2249:2350, ack 229, win 259, length 101
09:12:24.767937 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 2350:2451, ack 229, win 259, length 101
09:12:24.768059 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 2249, win 63458, length 0
09:12:24.768146 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 2451, win 63256, length 0
09:12:24.768711 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 2451:2552, ack 229, win 259, length 101
09:12:24.768767 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 2552:2653, ack 229, win 259, length 101
09:12:24.768922 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 2653:2754, ack 229, win 259, length 101
09:12:24.768954 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 2653, win 63054, length 0
09:12:24.805279 IP 10.0.0.14.52844 > 61.88.100.161.ndmp: Flags [S], seq 16819416, win 65535, length 0
09:12:24.817108 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 2754, win 62953, length 0
09:12:24.848270 IP 61.88.100.161.ndmp > 10.0.0.14.52844: Flags [S.], seq 682176250, ack 16819417, win 8192, options [mss 1380], length 0
09:12:24.848509 IP 10.0.0.14.52844 > 61.88.100.161.ndmp: Flags [.], ack 1, win 65535, length 0
09:12:24.862195 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 442:575, ack 2754, win 62953, length 133
09:12:24.907717 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 2754:2855, ack 229, win 259, length 101
09:12:24.909106 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 2855:2956, ack 442, win 259, length 101
09:12:24.909376 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 2956, win 62751, length 0
09:12:24.909983 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 2956:3057, ack 442, win 259, length 101
09:12:24.910044 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 3057:3158, ack 442, win 259, length 101
09:12:24.910237 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 3158, win 64000, length 0
09:12:24.910455 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 3158:3243, ack 442, win 259, length 85
09:12:24.911089 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 3243:3344, ack 442, win 259, length 101
09:12:24.911295 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 3344, win 63814, length 0
09:12:24.911320 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 3344:3445, ack 442, win 259, length 101
09:12:24.937697 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 3445:3530, ack 575, win 258, length 85
09:12:24.937921 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 3530, win 63628, length 0
09:12:25.074868 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 3530:3615, ack 575, win 258, length 85
09:12:25.126174 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 3615, win 63543, length 0
09:12:25.177247 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 575:692, ack 3615, win 63543, length 117
09:12:25.239793 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 3615:3764, ack 692, win 258, length 149
09:12:25.289169 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 3764, win 63394, length 0
09:12:25.385758 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 3764:3849, ack 692, win 258, length 85
09:12:25.417357 IP ec2-54-253-253-43.ap-southeast-2.compute.amazonaws.com.https > 10.0.0.14.49249: Flags [P.], seq 2818318138:2818318212, ack 2385068449, win 340, length 74
09:12:25.435220 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 3849, win 63309, length 0
09:12:25.467164 IP 10.0.0.14.49249 > ec2-54-253-253-43.ap-southeast-2.compute.amazonaws.com.https: Flags [.], ack 74, win 258, length 0
09:12:25.524915 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 3849:3950, ack 692, win 258, length 101
09:12:25.524936 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 3950:4035, ack 692, win 258, length 85
09:12:25.524945 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 4035:4120, ack 692, win 258, length 85
09:12:25.525312 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 4035, win 63123, length 0
09:12:25.528701 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 4120:4205, ack 692, win 258, length 85
09:12:25.528975 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 4205, win 62953, length 0
09:12:25.538808 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 4205:4290, ack 692, win 258, length 85
09:12:25.562741 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 4290:4375, ack 692, win 258, length 85
09:12:25.562975 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 4375, win 62783, length 0
09:12:25.678325 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 692:825, ack 4375, win 62783, length 133
09:12:25.684769 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 4375:4460, ack 692, win 258, length 85
09:12:25.684789 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 4460:4545, ack 692, win 258, length 85
09:12:25.685087 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 4545, win 64000, length 0
09:12:25.685889 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 4545:4630, ack 692, win 258, length 85
09:12:25.685909 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 4630:4715, ack 692, win 258, length 85
09:12:25.685918 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 4715:4800, ack 692, win 258, length 85
09:12:25.686147 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 4715, win 63830, length 0
09:12:25.686859 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 4800:4901, ack 692, win 258, length 101
09:12:25.687087 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 4901, win 63644, length 0
09:12:25.687107 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 4901:5002, ack 692, win 258, length 101
09:12:25.687407 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 5002:5103, ack 692, win 258, length 101
09:12:25.687636 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 5103, win 63442, length 0
09:12:25.704689 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 5103:5204, ack 692, win 258, length 101
09:12:25.723302 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 825:942, ack 5204, win 63341, length 117
09:12:25.830832 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 5204:5305, ack 825, win 257, length 101
09:12:25.831157 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 5305:5406, ack 825, win 257, length 101
09:12:25.831409 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 5406, win 63139, length 0
09:12:25.831991 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 5406:5507, ack 825, win 257, length 101
09:12:25.832339 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 5507:5608, ack 825, win 257, length 101
09:12:25.832542 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 5608, win 62937, length 0
09:12:25.833049 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 5608:5709, ack 825, win 257, length 101
09:12:25.833516 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 5709:5810, ack 825, win 257, length 101
09:12:25.833535 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 5810:5895, ack 825, win 257, length 85
09:12:25.833731 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 5810, win 64000, length 0
09:12:25.834213 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 5895:5996, ack 825, win 257, length 101
09:12:25.834437 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 5996, win 63814, length 0
09:12:25.853801 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 5996:6097, ack 825, win 257, length 101
09:12:25.854158 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 6097:6198, ack 825, win 257, length 101
09:12:25.854367 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 6198, win 63612, length 0
09:12:25.992822 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 6198:6299, ack 942, win 257, length 101
09:12:25.996261 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 6299:6400, ack 942, win 257, length 101
09:12:25.996536 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 6400:6501, ack 942, win 257, length 101
09:12:25.996549 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 6400, win 63410, length 0
09:12:25.997143 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 6501:6602, ack 942, win 257, length 101
09:12:25.997358 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 6602, win 63208, length 0
09:12:25.997772 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 6602:6703, ack 942, win 257, length 101
09:12:25.998132 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 6703:6804, ack 942, win 257, length 101
09:12:25.998327 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 6804, win 63006, length 0
09:12:25.998922 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 6804:6905, ack 942, win 257, length 101
09:12:25.999509 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 6905:7006, ack 942, win 257, length 101
09:12:25.999709 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 7006, win 62804, length 0
09:12:25.999937 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 7006:7107, ack 942, win 257, length 101
09:12:26.014698 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 7107:7208, ack 942, win 257, length 101
09:12:26.014932 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 7208, win 64000, length 0
09:12:26.138750 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 7208:7309, ack 942, win 257, length 101
09:12:26.139025 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 7309:7410, ack 942, win 257, length 101
09:12:26.139683 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 7410:7511, ack 942, win 257, length 101
09:12:26.139939 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 7511:7612, ack 942, win 257, length 101
09:12:26.139957 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 7612:7713, ack 942, win 257, length 101
09:12:26.140725 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 7713:7814, ack 942, win 257, length 101
09:12:26.140750 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 7410, win 63798, length 0
09:12:26.140752 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 7612, win 63596, length 0
09:12:26.140910 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 7814, win 63394, length 0
09:12:26.141780 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 7814:7899, ack 942, win 257, length 85
09:12:26.163403 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 7899:7984, ack 942, win 257, length 85
09:12:26.163661 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 7984, win 63224, length 0
09:12:26.167797 IP 10.0.0.14.52844 > 61.88.100.161.ndmp: Flags [.], seq 1:881, ack 1, win 65535, length 880
09:12:26.189322 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 942:1091, ack 7984, win 63224, length 149
09:12:26.297755 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 7984:8069, ack 942, win 257, length 85
09:12:26.297886 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 8069:8154, ack 942, win 257, length 85
09:12:26.298188 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 8154, win 63054, length 0
09:12:26.298711 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 8154:8255, ack 942, win 257, length 101
09:12:26.302810 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 8255:8356, ack 942, win 257, length 101
09:12:26.303022 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 8356, win 62852, length 0
09:12:26.303046 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 8356:8457, ack 942, win 257, length 101
09:12:26.320685 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 8457:8558, ack 942, win 257, length 101
09:12:26.320905 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 8558, win 64000, length 0
09:12:26.441737 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 8558:8659, ack 942, win 257, length 101
09:12:26.444687 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 8659:8792, ack 1091, win 256, length 133
09:12:26.444979 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 8792, win 63766, length 0
09:12:26.479747 IP th-in-f189.1e100.net.https > 10.0.0.14.50855: Flags [P.], seq 2171655042:2171655111, ack 4036457368, win 340, length 69
09:12:26.529324 IP 10.0.0.14.50855 > th-in-f189.1e100.net.https: Flags [.], ack 69, win 1023, length 0
09:12:26.595705 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 8792:8877, ack 1091, win 256, length 85
09:12:26.614717 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 8877:8962, ack 1091, win 256, length 85
09:12:26.614990 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 8962, win 63596, length 0
09:12:26.703431 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 1091:1208, ack 8962, win 63596, length 117
09:12:26.738836 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 8962:9047, ack 1091, win 256, length 85
09:12:26.789373 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 9047, win 63511, length 0
09:12:26.818798 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [.], ack 1208, win 256, length 0
09:12:27.218505 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 1208:1325, ack 9047, win 63511, length 117
09:12:27.363779 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 9047:9132, ack 1208, win 256, length 85
09:12:27.405459 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 9132, win 63426, length 0
09:12:27.588878 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 9047:9132, ack 1208, win 256, length 85
09:12:27.589218 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 9132, win 63426, options [nop,nop,sack 1 {9047:9132}], length 0
09:12:27.655465 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 1208:1325, ack 9132, win 63426, length 117
09:12:27.717523 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 1325:1442, ack 9132, win 63426, length 117
09:12:27.778869 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 9132:9217, ack 1208, win 256, length 85
09:12:27.779849 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 9217:9318, ack 1208, win 256, length 101
09:12:27.779907 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 9318:9419, ack 1208, win 256, length 101
09:12:27.780121 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 9318, win 63240, length 0
09:12:27.818853 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 9419:9520, ack 1208, win 256, length 101
09:12:27.818872 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 9520:9621, ack 1208, win 256, length 101
09:12:27.819145 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 9520, win 63038, length 0
09:12:27.819795 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 9621:9706, ack 1208, win 256, length 85
09:12:27.820012 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 9706, win 62852, length 0
09:12:27.865769 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 9706:9807, ack 1208, win 256, length 101
09:12:27.865786 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 9807:9908, ack 1208, win 256, length 101
09:12:27.866074 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 9908, win 64000, length 0
09:12:27.866766 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 9908:10009, ack 1208, win 256, length 101
09:12:27.917785 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 10009:10110, ack 1208, win 256, length 101
09:12:27.917802 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 10110:10211, ack 1208, win 256, length 101
09:12:27.918146 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 10110, win 63798, length 0
09:12:27.918799 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 10211:10312, ack 1208, win 256, length 101
09:12:27.919025 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 10312, win 63596, length 0
09:12:27.920739 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 9047:10307, ack 1208, win 256, length 1260
09:12:27.920984 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 10312, win 63596, options [nop,nop,sack 1 {9047:10307}], length 0
09:12:28.232656 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 1442:1559, ack 10312, win 63596, length 117
09:12:28.419611 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 1208:1559, ack 10312, win 63596, length 351
09:12:28.517841 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 10307:10477, ack 1325, win 260, length 170
09:12:28.518234 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 10477, win 63431, options [nop,nop,sack 1 {10307:10312}], length 0
09:12:28.563682 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [.], ack 1325, win 260, options [nop,nop,sack 1 {1208:1325}], length 0
09:12:28.564746 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 10477:10849, ack 1442, win 260, length 372
09:12:28.565696 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 10849:11253, ack 1442, win 260, length 404
09:12:28.565960 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 11253, win 64000, length 0
09:12:28.566722 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 11253:11625, ack 1442, win 260, length 372
09:12:28.567704 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 11625:12029, ack 1442, win 260, length 404
09:12:28.567910 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 12029, win 63224, length 0
09:12:28.568709 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 12029:12433, ack 1442, win 260, length 404
09:12:28.587697 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 12433:12837, ack 1442, win 260, length 404
09:12:28.587909 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 12837, win 64000, length 0
09:12:28.588696 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [.], ack 1559, win 259, options [nop,nop,sack 1 {1208:1559}], length 0
09:12:28.588952 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 12837:13167, ack 1559, win 259, length 330
09:12:28.595726 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 13167:14341, ack 1559, win 259, length 1174
09:12:28.595958 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 14341, win 64000, length 0
09:12:28.746679 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 1559:1676, ack 14341, win 64000, length 117
09:12:28.818727 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [.], ack 1676, win 259, length 0
09:12:28.949716 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 1676:1777, ack 14341, win 64000, length 101
09:12:28.949816 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], seq 1777:3037, ack 14341, win 64000, length 1260
09:12:28.995704 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [.], ack 3037, win 260, length 0
09:12:28.996085 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 3037:4297, ack 14341, win 64000, length 1260
09:12:28.996568 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 4297:5557, ack 14341, win 64000, length 1260
09:12:29.044701 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [.], ack 5557, win 260, length 0
09:12:29.045064 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 5557:6682, ack 14341, win 64000, length 1125
09:12:29.067745 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 14341:14442, ack 5557, win 260, length 101
09:12:29.117633 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 14442, win 63899, length 0
09:12:29.121832 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 14442:14559, ack 6682, win 256, length 117
09:12:29.171582 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 14559, win 63782, length 0
09:12:29.248739 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 6682:6799, ack 14559, win 63782, length 117
09:12:29.322721 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [.], ack 6799, win 256, length 0
09:12:29.763802 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 6799:6916, ack 14559, win 63782, length 117
09:12:29.788752 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 14559:14708, ack 6916, win 260, length 149
09:12:29.839723 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 14708, win 63633, length 0
09:12:29.888449 IP 61.88.100.161.ndmp > 10.0.0.14.52844: Flags [R], seq 682176251, win 65535, length 0
09:12:30.240441 IP 10.0.0.114.58677 > 10.0.0.14.ms-wbt-server: UDP, length 12
09:12:30.240931 IP 10.0.0.14.ms-wbt-server > 10.0.0.114.58676: UDP, length 12
09:12:30.277813 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 6916:7033, ack 14708, win 63633, length 117
09:12:30.303168 IP 10.0.0.114.58676 > 10.0.0.14.ms-wbt-server: UDP, length 12
09:12:30.351786 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [.], ack 7033, win 260, length 0
09:12:30.481982 IP th-in-f189.1e100.net.https > 10.0.0.14.50267: Flags [P.], seq 1172633342:1172633411, ack 3449924025, win 340, length 69
09:12:30.531806 IP 10.0.0.14.50267 > th-in-f189.1e100.net.https: Flags [.], ack 69, win 1020, length 0
09:12:30.776937 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 7033:7150, ack 14708, win 63633, length 117
09:12:30.804911 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 14708:14857, ack 7150, win 259, length 149
09:12:30.855794 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 14857, win 63484, length 0
09:12:31.291985 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 7150:7267, ack 14857, win 63484, length 117
09:12:31.365773 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [.], ack 7267, win 259, length 0
09:12:31.686952 IP 10.0.0.14.49420 > tl-in-f188.1e100.net.https: Flags [.], seq 2556597611:2556597612, ack 1182049378, win 256, length 1
09:12:31.687026 IP tl-in-f188.1e100.net.https > 10.0.0.14.49420: Flags [.], ack 1, win 262, options [nop,nop,sack 1 {0:1}], length 0
09:12:31.756244 IP 10.0.0.14.52844 > 61.88.100.161.ndmp: Flags [.], seq 881:1761, ack 1, win 65535, length 880
09:12:31.808024 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 7267:7384, ack 14857, win 63484, length 117
09:12:31.835706 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 14857:15006, ack 7384, win 259, length 149
09:12:31.885927 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 15006, win 63335, length 0
09:12:32.150112 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 7384:7613, ack 15006, win 63335, length 229
09:12:32.226762 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [.], ack 7613, win 258, length 0
09:12:32.307092 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 7613:7730, ack 15006, win 63335, length 117
09:12:32.384742 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [.], ack 7730, win 257, length 0
09:12:32.817902 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 7730:7847, ack 15006, win 63335, length 117
09:12:32.845795 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 15006:15139, ack 7847, win 257, length 133
09:12:32.897085 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 15139, win 63202, length 0
09:12:33.304222 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 7847:7964, ack 15139, win 63202, length 117
09:12:33.380773 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [.], ack 7964, win 256, length 0
09:12:33.803288 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 7964:8081, ack 15139, win 63202, length 117
09:12:33.879884 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [.], ack 8081, win 256, length 0
09:12:34.146242 IP 10.0.0.14.ms-wbt-server > 10.0.0.114.58677: UDP, length 12
09:12:34.319370 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 8081:8198, ack 15139, win 63202, length 117
09:12:34.349770 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 15139:15272, ack 8198, win 260, length 133
09:12:34.399278 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 15272, win 63069, length 0
09:12:34.835391 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 8198:8315, ack 15272, win 63069, length 117
09:12:34.934726 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [.], ack 8315, win 260, length 0
09:12:35.067499 ARP, Request who-has 10.0.0.14 (00:0c:29:5b:c7:e9 (oui Unknown)) tell 10.0.0.114, length 28
09:12:35.067803 ARP, Reply 10.0.0.14 is-at 00:0c:29:5b:c7:e9 (oui Unknown), length 46
09:12:35.333451 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 8315:8432, ack 15272, win 63069, length 117
09:12:35.362747 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 15272:15421, ack 8432, win 259, length 149
09:12:35.412370 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 15421, win 62920, length 0
09:12:35.432343 IP ec2-54-253-253-43.ap-southeast-2.compute.amazonaws.com.https > 10.0.0.14.49249: Flags [P.], seq 74:148, ack 1, win 340, length 74
09:12:35.482386 IP 10.0.0.14.49249 > ec2-54-253-253-43.ap-southeast-2.compute.amazonaws.com.https: Flags [.], ack 148, win 257, length 0
09:12:35.843514 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 8432:8549, ack 15421, win 62920, length 117
09:12:35.955752 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [.], ack 8549, win 259, length 0
09:12:36.359592 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 8549:8666, ack 15421, win 62920, length 117
09:12:36.385796 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [P.], seq 15421:15570, ack 8666, win 259, length 149
09:12:36.436527 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [.], ack 15570, win 62771, length 0
09:12:36.875701 IP 10.0.0.14.ms-wbt-server > 10.242.2.2.62650: Flags [P.], seq 8666:8783, ack 15570, win 62771, length 117
09:12:36.953828 IP 10.242.2.2.62650 > 10.0.0.14.ms-wbt-server: Flags [.], ack 8783, win 258, length 0
09:12:37.319058 IP 10.0.0.14.52844 > 61.88.100.161.ndmp: Flags [R], seq 16821177, win 65535, length 0
^C09:12:37.319203 IP 10.0.0.14.52844 > roam.ato.gov.au.ndmp: Flags [S], seq 16819429, win 65535, length 0

  • +1

    I had similar problems with accessing an external work VPN from behind my Sophos UTM that plagued me for weeks.  I finally stumbled on a discussion about changes made to how the UTM now pulls the MTU from the uplink, overriding the "preferred" setting entered in the Interfaces area.  My ISP (Comcast) is frustratingly setting my MTU to 576.  Once I reset the uplink MTU to 1500, Pulse VPN worked fine again.  I hope this helps!

  • +1 in reply to William Gundlach

    You may be on to something William. 

    The MTU is currently set to 576 automatically by the ISP. I just tried changing it to 1500 but it seems it's been overridden again by the ISP value. How do I force it?

    Edit: Seems this is a known bug: https://community.sophos.com/products/unified-threat-management/f/hardware-installation-up2date-licensing/79288/disable-bad-bugfix-in-9-405-5-fix-nutm-2840-aws-utm-ignores-mtu-sent-by-dhcp-server

    Ok, I followed the information that sets mtu_auto_discover 0.

    I was then able to change the MTU to 1500 which looks like it's fixed the issue!

    I remember reading about this MTU issue somewhere and thought it maybe worth a try but then promptly forget about it and got side tracked.

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML