site2site VPN Drops RDP

Hello everyone,

We have a little (I hope it's little) problem here.

We have a site-to-site IPsec VPN tunnel to a SonicWall.
The tunnel starts without problems.

The remote location can ping our local hosts, but cannot open an RDP session.
Our FW logs this as a SYN default drop by rule 60002.

LOG:
2015:10:27-14:07:16 tj-fw1-1 ulogd[14418]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="ppp0" outitf="eth2" srcmac="00:1a:8c:f0:68:a2" srcip="10.33.0.1" dstip="192.168.135.110" proto="6" length="52" tos="0x00" prec="0x00" ttl="127" srcport="15597" dstport="3389" tcpflags="SYN" 

The auto firewall rules are there.

What I did so far:

Created the FW rules manually at position 01
Disabled AppControl
Disabled IPS
and some other things.

Nothing worked... Does anyone have an idea?

Cheers
Teo
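As an added illustration (not code from this thread or from Sophos), the script below parses UTM ulogd packetfilter lines like the one quoted above and flags the case Teo is describing: traffic the tunnel policy is supposed to allow that nevertheless ends up in rule 60002, the default drop at the end of the FORWARD chain (as Bob explains below). The first sample line is the one from the post; the second line, the TUNNEL_POLICY definition and the rule id "3" are constructed assumptions for demonstration.

```python
import ipaddress
import re
from dataclasses import dataclass

# Sample input: the packetfilter line quoted in the thread, plus one
# constructed variation (same peer, HTTPS, dropped by an assumed custom rule).
SAMPLE_LINES = [
    '2015:10:27-14:07:16 tj-fw1-1 ulogd[14418]: id="2001" severity="info" sys="SecureNet" '
    'sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="ppp0" '
    'outitf="eth2" srcmac="00:1a:8c:f0:68:a2" srcip="10.33.0.1" dstip="192.168.135.110" '
    'proto="6" length="52" tos="0x00" prec="0x00" ttl="127" srcport="15597" dstport="3389" '
    'tcpflags="SYN" ',
    # constructed: explicit drop by a (hypothetical) rule id 3, not the default drop
    '2015:10:27-14:08:02 tj-fw1-1 ulogd[14418]: id="2001" severity="info" sys="SecureNet" '
    'sub="packetfilter" name="Packet dropped" action="drop" fwrule="3" initf="ppp0" '
    'outitf="eth2" srcip="10.33.0.1" dstip="192.168.135.110" proto="6" '
    'srcport="15598" dstport="443" tcpflags="SYN"',
]

# 60002 is the default drop of the FORWARD chain (per Bob's reply); a packet
# landing here means no explicit allow rule matched it.
DEFAULT_FORWARD_DROP = "60002"

HEADER_RE = re.compile(r'^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<proc>[^:]+):\s*(?P<body>.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')


@dataclass
class PfEvent:
    timestamp: str
    host: str
    fields: dict  # the key="value" pairs of the line

    def get(self, key, default=None):
        return self.fields.get(key, default)


def parse_ulogd_line(line):
    """Split one ulogd packetfilter line into its header and key="value" fields."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("not a ulogd line: %r" % line)
    fields = dict(KV_RE.findall(m.group("body")))
    if fields.get("sub") != "packetfilter":
        raise ValueError("not a packetfilter event: %r" % line)
    return PfEvent(m.group("ts"), m.group("host"), fields)


@dataclass
class ExpectedFlow:
    """A flow the tunnel policy is meant to allow (constructed from the thread's facts)."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str        # IP protocol number as logged, e.g. "6" for TCP
    dports: frozenset  # destination ports that should be reachable


# Remote side is only 10.33.0.1, local (Bern) side is 192.168.135.0/24;
# RDP and HTTPS are the services discussed. The policy itself is an assumption.
TUNNEL_POLICY = [
    ExpectedFlow(ipaddress.ip_network("10.33.0.1/32"),
                 ipaddress.ip_network("192.168.135.0/24"), "6", frozenset({3389, 443})),
]


def matches(flow, ev):
    """True if the logged packet belongs to an expected flow."""
    try:
        src = ipaddress.ip_address(ev.get("srcip", ""))
        dst = ipaddress.ip_address(ev.get("dstip", ""))
        dport = int(ev.get("dstport", -1))
    except ValueError:
        return False
    return src in flow.src and dst in flow.dst and ev.get("proto") == flow.proto and dport in flow.dports


def triage(ev, policy):
    """Classify a packetfilter event relative to the expected policy."""
    if ev.get("action") != "drop":
        return "pass"
    if ev.get("fwrule") == DEFAULT_FORWARD_DROP:
        # Expected traffic hitting the default drop means the allow rule never
        # matched: look at the object definitions (interface binding) and NAT,
        # not at the rule order.
        return "default-drop:expected-flow" if any(matches(f, ev) for f in policy) \
            else "default-drop:unexpected-flow"
    return "explicit-drop:rule-%s" % ev.get("fwrule")


def triage_lines(lines, policy=TUNNEL_POLICY):
    """Parse and classify each line; returns a list of (dstport, verdict)."""
    out = []
    for line in lines:
        ev = parse_ulogd_line(line)
        out.append((ev.get("dstport"), triage(ev, policy)))
    return out


if __name__ == "__main__":
    for dport, verdict in triage_lines(SAMPLE_LINES):
        print(dport, verdict)
```

Run it over the tail of /var/log/packetfilter.log on the UTM (or a copied extract) with the policy adjusted to your own tunnel networks; a "default-drop:expected-flow" verdict is the signature of the problem in this thread, where the allow rule exists but does not match because of how the objects are defined.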


  • Do you have the allow rules in the Sonicwall? 

    Since you don't list the IP space of Acommit and Bern, my thought would be to confirm they're 10.33.0.x and 192.168.135.x. Is 192.168.135.x a /24? If it's a /25 or higher, .110 could be in a different subnet so the rule may not match.
  • The IP range locally (Bern) is 192.168.135.0/24.
    And the remote location is only 10.33.0.1.
    It's correctly configured both on our Sophos and on the remote SonicWall.
    As I said, ping works fine, HTTPS too; only RDP generates the default drop.

    Cheers
    Teo
  • Teo, "60002" is a default drop out of the FORWARD chain.  The only thing I can imagine is that you have a NAT rule that's capturing the packet, maybe just changing the port.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for the replies.

    I found the problem.
    The remote gateway should not be assigned to a local port; it must be connected to "Any".
    Yellow-tagged in the attached picture.

    Cheers

    Teo
  • @Teo:  This advice goes for all host/network definitions that you may create.  Never bind to a specific interface; keep the default Any setting.  In the vast majority of cases, changing this will cause wanted traffic to be dropped.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • Good catch, Teo.  Take Scott's advice to heart.  It wouldn't hurt to review #3 through #5 in Rulz.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA