Logging traffic over S2S
Hi All,
We've got an S2S tunnel between a branch and a central firewall, both running R81.10 HFA Take 66 and managed by the same SMS.
Log traffic goes over the tunnel (we did update the masters file and followed sk104582). All was working fine until we built a new log server, with a new IP address, replacing the old one.
We could see the SYN packet (on port 257) reaching the log server over the tunnel, where it replies with a SYN-ACK, which is then dropped on the central gateway with the error below:
@;4054131556;[kern];[tid_8];[SIM-241142620];vpn_verify: mspi check failed (cdir=0; conn_mspis:00000000,00000000; packet_mspi:0080000e), c2s conn: <10.131.2.1,38702,10.104.20.6,257,6>;
Any clues? Resetting the tunnel didn't make any difference.
A ticket was raised, but we've been kicked around for some time now.
Anything involving SIC should not go over VPN by default, though I suppose if you’re following sk104582, you’ve changed that 😉
If you send me the TAC SR in a PM I can take a look.
A quick update for the records.
While going through some kernel debugging, with fw ctl zdebug running in another SSH session, I noticed that the above error message disappears once SecureXL is stopped on the central VPN gateway.
I informed TAC of my findings; by the time I managed to get an engineer on a session, the bl00dy logs started being received by the log server!!!
Now I'm not sure if stopping/re-enabling SecureXL fixed it or if it was something else; no other changes were made.
Another self-healing issue leaving me unsettled 😞
