VPN problems from Linksys WAG54G to Netscreen 208 using netscreen client

I am trying to connect to the company network via my Linksys WAG54G router.

IPsec filtering is on and the router asks for my username and password. Once connected I can access my email using Microsoft Exchange without any problems; however, I cannot access any of my shared drives or SQL Enterprise Manager, or a whole host of other required applications.

Can anyone help?

Russ


That sounds pretty odd -- Exchange uses TCP and UDP, so generally if that works you have a wide open tunnel. So you should be looking at filtering on the WAG or incorrect policies on the NS.

So the first thing (as always) is to do a trace on the NS to see what's actually happening, or if the traffic is actually getting there or not. The usual...

undebug all
clear dbuf
set ffilter dst-ip 1.1.1.1*
set ffilter src-ip 2.2.2.2**
debug flow basic

(reproduce the problem, then)

undebug all
get dbuf stream

* is the IP of your server for which you want to examine the traffic
** is your source device.

My wild guess is you'll see the Exchange traffic, and pings and such, but not the 445 or the SQL traffic, because your WAG thinks it's not good Internet traffic and has filtered it.

I'd suggest not putting it in router mode at all, just put it in as an access point and hang it off an interface of the 208, do your NAT there instead. If you don't know how to do this, just connect the 208 interface to an IP on the trust side of the WAG and set the wireless client gateways to the 208 IP, that will make it work as a WAP instead of a gateway. That will hand all control of that zone to the 208.

-Russ. (a different Russ)


Tried turning off the firewall on the Linksys but it makes no difference. Getting the following from the log of the Linksys:

00:00:00 [192.168.1.254] : System is ready
00:00:00 System is warm start
00:00:00 00xx@sys Firmware Version : 1.02.1, Apr 27 2004
00:00:00 ST version is 02(HEX)
00:00:06 UDP from 192.168.1.50:500 to 62.53.3.254:500
2005-11-30 21:17:12 Get current time from NTP server : Nov. 30 2005 Wed. 21:17:12
2005-11-30 21:17:29 UDP from 192.168.1.50:123 to 10.0.1.119:123
2005-11-30 21:17:30 TCP from 192.168.1.50:1233 to 10.0.1.55:80
2005-11-30 21:17:33 from 244.1.0.0:838969536 to 244.1.0.0:4
2005-11-30 21:19:12 IPSec PassThrough: wan2lan first fragment packet in firewall from fe03353e, id = 5da2, tlen = 84
2005-11-30 21:19:12 IPSec PassThrough: wan2lan 2nd or later fragment packet in wan2lan from fe03353e, id = 5da2, tlen = 84
2005-11-30 21:19:12 IPSec PassThrough: wan2lan 2nd or later fragment packet in firewall from fe03353e, id = 5da2, tlen = 1496
2005-11-30 21:19:12 from 63.149.0.0:838969536 to 225.146.0.0:4
2005-11-30 21:19:17 IPSec PassThrough: wan2lan first fragment packet in firewall from fe03353e, id = 5da6, tlen = 84
2005-11-30 21:19:17 IPSec PassThrough: wan2lan 2nd or later fragment packet in wan2lan from fe03353e, id = 5da6, tlen = 84
2005-11-30 21:19:17 from 244.1.0.0:838969536 to 244.1.0.0:4
2005-11-30 21:19:17 IPSec PassThrough: wan2lan 2nd or later fragment packet in firewall from fe03353e, id = 5da6, tlen = 1496
2005-11-30 21:19:17 from 57.138.0.0:838969536 to 240.24.0.0:4
2005-11-30 21:19:22 from 244.1.0.0:838969536 to 244.1.0.0:4
2005-11-30 21:19:22 IPSec PassThrough: wan2lan first fragment packet in firewall from fe03353e, id = 5dab, tlen = 84
2005-11-30 21:19:22 IPSec PassThrough: wan2lan 2nd or later fragment packet in wan2lan from fe03353e, id = 5dab, tlen = 84
2005-11-30 21:19:22 IPSec PassThrough: wan2lan 2nd or later fragment packet in firewall from fe03353e, id = 5dab, tlen = 1496
2005-11-30 21:19:22 from 144.156.0.0:838969536 to 188.77.0.0:4
2005-11-30 21:19:22 from 244.1.0.0:838969536 to 244.1.0.0:4

Thanks for any help.

Russ
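The router log above is the only evidence on the poster's side, and the earlier reply's hypothesis is that the Exchange traffic gets through while port 445 (file shares) and SQL Server traffic never make it into the tunnel. A quick way to test that hypothesis against a log in this format is to tabulate which destination ports actually appear and which expected ones are missing. The following script is an added example, not code from the thread or from Linksys; the log lines inside it are constructed to mimic the WAG54G format (the WAN address 203.0.113.254 is a documentation placeholder, and the port-135 line stands in for the Exchange RPC traffic the poster says works). It also groups the "IPSec PassThrough" fragment records by IP id so you can see that the same fragmented packet is logged at two stages (wan2lan and firewall).

```python
import re
from collections import Counter

# Constructed sample in the WAG54G syslog format quoted in the thread.
# Addresses are placeholders, not real hosts.
SAMPLE_LOG = """\
00:00:06 UDP from 192.168.1.50:500 to 203.0.113.254:500
2005-11-30 21:17:29 UDP from 192.168.1.50:123 to 10.0.1.119:123
2005-11-30 21:17:30 TCP from 192.168.1.50:1233 to 10.0.1.55:80
2005-11-30 21:17:35 TCP from 192.168.1.50:1240 to 10.0.1.55:135
2005-11-30 21:19:12 IPSec PassThrough: wan2lan first fragment packet in firewall from fe03353e, id = 5da2, tlen = 84
2005-11-30 21:19:12 IPSec PassThrough: wan2lan 2nd or later fragment packet in wan2lan from fe03353e, id = 5da2, tlen = 84
2005-11-30 21:19:12 IPSec PassThrough: wan2lan 2nd or later fragment packet in firewall from fe03353e, id = 5da2, tlen = 1496
"""

# "TCP from A:p to B:q" / "UDP from A:p to B:q" records
FLOW_RE = re.compile(
    r"(?P<proto>TCP|UDP) from (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+)"
)
# "IPSec PassThrough: wan2lan ... fragment packet ... id = X, tlen = N" records
FRAG_RE = re.compile(
    r"IPSec PassThrough: wan2lan (?P<kind>first|2nd or later) fragment packet "
    r".* id = (?P<id>[0-9a-f]+), tlen = (?P<tlen>\d+)"
)

# Services the poster needs. 445 and SQL Server are the ones named as broken
# in the thread; 135 (RPC endpoint mapper) stands in for the working Exchange
# session. This mapping is an assumption for the example, not router config.
EXPECTED = {
    ("TCP", 445): "SMB file shares",
    ("TCP", 1433): "SQL Server",
    ("TCP", 135): "Exchange/RPC endpoint mapper",
}


def parse_flows(text):
    """Count log records per (protocol, destination port)."""
    counts = Counter()
    for m in FLOW_RE.finditer(text):
        counts[(m["proto"], int(m["dport"]))] += 1
    return counts


def parse_fragments(text):
    """Group IPsec pass-through fragment records by IP id -> list of tlen."""
    frags = {}
    for m in FRAG_RE.finditer(text):
        frags.setdefault(m["id"], []).append(int(m["tlen"]))
    return frags


def missing_expected(flows):
    """Names of required services that never appear as a destination port."""
    return {name for key, name in EXPECTED.items() if flows[key] == 0}


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_LOG)
    for (proto, port), n in sorted(flows.items()):
        print(f"{proto} dport {port}: {n} record(s)")
    print("never seen leaving the LAN:", sorted(missing_expected(flows)))
    for ip_id, lens in parse_fragments(SAMPLE_LOG).items():
        print(f"fragmented packet id {ip_id}: tlen values {lens}")
```

If the required ports are absent from the router's own log, the packets were never forwarded by the WAG, which points at the router rather than at NetScreen policy; if they are present, the NetScreen flow debug from the earlier reply is the next place to look. A destination port that appears here but not in the NetScreen debug indicates a drop somewhere between the two.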


Those logs are mostly poo. Can you put up a flow debug from the NetScreen as I detailed? It will tell you far, far more.

-Russ.
