This discussion has been locked.

road warrior "any" packet filter still filtering

I added the "ipsec pool" any allow any packet filter rule according to the road warrior PDF and it is still blocking 

10.70.175.2 port 137 -> 255.255.255.255 port 137 udp

The 10.70.175.2 is my ipsec pool, and it is obviously doing a broadcast to do a network search. Since I followed the pdf verbatim and can still not access my internal network even though it appears to connect correctly, what's next?


  • I'm having the same problem. Does anyone have an answer?

    Would be great!!! [:)]
  • Under your IPSec connection, I have to assume that you've got "Auto Packet Filter" set on, right? 
    Have you guys contacted support about this? 
    Personally, I'd rather they blocked 137 because of the number of viruses that are propagating on that port. They'd most likely have a quick answer for you on it, but I'm guessing they're doing this as a precaution as much as anything else.
  • 1. Broadcast messages won't be routed.
    2. Is there an Active Directory running?
    2a. Just set up AD DNS servers in your clients (is in correct)
    2b. If there is no AD, set up a WINS on both ends and sync them.
    2c. Try to use \ to browse shares

    3. Don't use SMB shares via slow connections, it's wasting your time

    Astaro user since 2001 - Astaro/Sophos Partner since 2008

  • Yes we have AD and we also use DNS with one of the servers. 

    Support said that all the clients in the internal net or at least the server should have the Astaro as their DEFAULT gateway.... I'll try this tonight
  • Either that or add a static route to the IPSEC-POOL on the affected servers, using the Astaro as the gateway specified.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.