Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Strange Routing Problem / Bug (Strange Routing Problem / Bug)
  •  
kellydanielc

Messages: 4
Karma: 0
Send a private message to this user
Hi Everyone,

Im having a weird issue with relation to Traffic Policy Routing / VPN / Load Balancing which Im hoping someone can confim as a bug or point out what I may be doing wrong.

Here is my Setup :-

Site 1 (Main Site)
3 Internet Connections
Local Ip Range -> 172.20.2.x
VPN Server Range -> 172.27.156.x
Load balanced with VPN as Dedicated Connection.

Site 2 (Remote Site)
2 Internet Connections
Local IP Range -> 192.168.1.x
VPN Server Range -> 172.28.56.x
Load Balanced with VPN as dedicated Connection

Now we have an Asterisk Phone System at each end. We have IAX Trunks which use TCP/UDP Port 4569 for communication. Now we also IAX trunks originated from outside the network so I have Port 4569 translated to the Internal IP address of the Asterisk Box when the Source is the Internet.

I also have a Full Access Rule For the Asterisk Server (Remote Site) which dictates a Source of 192.168.1.116 (Asterisk Internal IP), a destination of the internet, Service is ANY, Action is Allow and Tranlation is set to NAT(VPN) so it is forced out the VPN connection.

On initial setup this all works perfectly but then after a day or so the IAX trunks drop out and fail to connect. Troubleshooting the problem always leads me to the ASterisk Full Access Rule causing the issue. When I put a trace on this connection I see all the packets for the VPN being matched by this rule. So I see a packet from 192.168.1.116 With a Source Port of 4569 and a Destination IP address of 172.20.2.6 (Remote Asterisk IP across VPN) being matched by this rule.

This should not be the case. The destination in this rule is set to the Internet so why is a detination of 172.20.2.6 being matched as the Internet when it should be picked up as a VPN Address??

The really weird thing is it work for a day or two then fails. To make it work again, you disable the Full Access Rule, then the Internal IAX trunks come back but the external Ones drop offline, then you restart the kerio Service and re-enable the rule and 8 times out of 10 both Internal and External trunks comes online again for another day or two..

Any advise / ideas?

Kind Regards,

Daniel.

  •  
Jan Jezek (Kerio)

Messages: 103
Karma: 0
Send a private message to this user
Your setup is probably too complex to be fully understandable from the description. You should include screenshots of Interfaces and Traffic Policy of both sites. I would also suggest to contact tech support with this.

Jan Jezek
Product Development Manager - Kerio Control
Kerio Technologies
Previous Topic: Winroute 6.6 Start Up Error - Tinydb UDp Bind Error
Next Topic: Forbidden Words - Redirect to URL
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Oct 21 15:44:55 CEST 2017

Total time taken to generate the page: 0.00345 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.