Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Traffic blocked when connecting to VPN (Traffic blocked when connecting to VPN)
  •  
juankiarlos

Messages: 1
Karma: 0
Send a private message to this user
Hi everybody,

This problem has take me several days and til cannot resolve it. I have a laptop which connects to the VPN of my company. And I have also Kerio installed for security reasons.

When I connect to the VPN (using CiscoVPN) I can't access internal servers for http, ftp traffic (tcp in general), but pings are OK.

If I disable Kerio then EVERYTHING'S OK and I can access the servers, so there's no problem with the servers,VPN, routing, etc, KERIO IS THE PROBLEM!!

I has put a rule ALLOWING ALL FROM EVERYWHERE TO EVERYWHERE in order to debugging but it continues failing.

And the most curious, in the filter log the traffic is permitted!!!

[16/Nov/2007 13:38:16] PERMIT "Nueva regla" packet to Conexión de área local 3, proto:TCP, len:64, ip/port:172.16.1.30:1209 -> 192.168.100.45:21, flags: SYN , seq:2111633524 ack:0, win:65535, tcplen:0

[16/Nov/2007 13:38:16] PERMIT "Nueva regla" packet from Conexión de área local 3, proto:TCP, len:64, ip/port:192.168.100.45:21 -> 172.16.1.30:1209, flags: SYN ACK , seq:85996116 ack:2111633525, win:16384, tcplen:0

[16/Nov/2007 13:38:19] PERMIT "Nueva regla" packet to Conexión de área local 3, proto:TCP, len:64, ip/port:172.16.1.30:1209 -> 192.168.100.45:21, flags: SYN , seq:2111633524 ack:0, win:65535, tcplen:0

[16/Nov/2007 13:38:19] PERMIT "Nueva regla" packet from Conexión de área local 3, proto:TCP, len:64, ip/port:192.168.100.45:21 -> 172.16.1.30:1209, flags: SYN ACK , seq:85996116 ack:2111633525, win:16384, tcplen:0

[16/Nov/2007 13:38:25] PERMIT "Nueva regla" packet to Conexión de área local 3, proto:TCP, len:64, ip/port:172.16.1.30:1209 -> 192.168.100.45:21, flags: SYN , seq:2111633524 ack:0, win:65535, tcplen:0

[16/Nov/2007 13:38:26] PERMIT "Nueva regla" packet from Conexión de área local 3, proto:TCP, len:64, ip/port:192.168.100.45:21 -> 172.16.1.30:1209, flags: SYN ACK , seq:85996116 ack:2111633525, win:16384, tcplen:0

[16/Nov/2007 13:38:37] PERMIT "Nueva regla" packet to Conexión de área local 3, proto:TCP, len:64, ip/port:172.16.1.30:1209 -> 192.168.100.45:21, flags: SYN , seq:2111633524 ack:0, win:65535, tcplen:0


As you can see, it's the beginning of an ftp session, the client sends a SYN packet, the server responds with SYN ACK, but the client seems not listen it and sends again a SYN packet. The same problem occurs with HTTP

Any suggestion????

Of course I've reinstalled Kerio and Cisco VPN, and there's no problem with traffic between localhost and Internet, the problem only occurs between localhost and VPN network, and ICMP traffic is ok, so routing is ok.

...And I tried it in another computer and had the same problem, so... what's happening????

Thanks a lot

[Updated on: Fri, 16 November 2007 14:52]

Previous Topic: How to see user's hardware address ?
Next Topic: VPN
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Nov 24 14:20:32 CET 2017

Total time taken to generate the page: 0.00332 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.