Problem with SSH and IPsec VPN



  • Hi everybody, I need help.

    I have a VPN tunnel; on one side I have an SSH server (Lx, Debian) and on the other side an SSH client. The client can reach the server and sometimes the login screen appears and nothing more, that is, the communication is inconsistent. In the firewall log I can see "SSH Close - AGE OUT"; the ping is successful.

    The tunnel works well. I already changed the encryption mode and the problem still happens. Any suggestion of what to change in the firewall NS-5200?



  • Hi Savage, we’re NATing the server IP, 172.22.25.46 : 26.0.0.1, and the client has the IP 27.0.0.1. The client can successfully ping the server; if I use an SSH command in verbose mode I can see the OS of the server. In the policy the SSH and FTP services are permitted.

    I hope to apply the changes soon and comment the results to you…

    Thanks.



  • Some helpful info would be: is this a site-to-site VPN or a remote client VPN? If it’s a remote client VPN then I would look to see if the trust interface is set to ‘NAT’ and the untrust interface is set to ‘route’. If you are not NATing to the WAN from a private network then it would not be able to route back to you. Also, if you are using Debian or Ubuntu then you need to configure /etc/sysctl.conf forwarding on the client machine. Here are my instructions for this as I’ve had to do this before:

    Linux users only: also make the change to /etc/sysctl.conf.
    First vim /etc/sysctl.conf. Make changes to look like this:

    # Uncomment the next two lines to enable Spoof protection (reverse-path filter)
    # Turn on Source Address Verification in all interfaces to
    # prevent some spoofing attacks
    net.ipv4.conf.default.rp_filter=0
    net.ipv4.conf.all.rp_filter=0

    # Uncomment the next line to enable packet forwarding for IPv4
    net.ipv4.ip_forward=1

    Then do ‘sysctl -p’ so the changes take effect.
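As an added example (not posted by anyone in this thread), here is a small POSIX sh audit for the three sysctl keys the post above sets: it parses a sysctl.conf-style file (comment lines starting with `#` or `;` ignored, last assignment wins), reports any key that does not match the post's values, and compares the file with what the running kernel actually has, which tells you whether `sysctl -p` was applied. The function names and the file path passed in are assumptions; note that `rp_filter=0` turns the reverse-path (source address) check off, so the audit only verifies the file says what the post says.

```shell
#!/bin/sh
# Added example, not from the thread: audit sysctl.conf keys the post sets.
# sysctl_get FILE KEY -> prints the effective value of KEY in FILE (comment and
# blank lines ignored, last assignment wins); prints nothing if KEY is unset.
sysctl_get() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }   # comment or blank line
        {
            n = index($0, "=")
            if (n == 0) next                   # not a key=value line
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)     # trim surrounding whitespace
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val }' "$1"
}
# audit_vpn_sysctl FILE -> 0 when FILE has ip_forward=1 and both rp_filter=0
# (the values given in the post); otherwise prints each mismatch, returns 1.
audit_vpn_sysctl() {
    rc=0
    for pair in net.ipv4.ip_forward=1 \
                net.ipv4.conf.default.rp_filter=0 \
                net.ipv4.conf.all.rp_filter=0; do
        key=${pair%%=*}; want=${pair#*=}
        have=$(sysctl_get "$1" "$key")
        if [ "$have" != "$want" ]; then
            echo "$key: expected $want, file has '${have:-unset}'"
            rc=1
        fi
    done
    return "$rc"
}
# live_matches FILE -> after 'sysctl -p' the kernel should agree with FILE;
# reads /proc/sys/... for each key and reports any value not yet applied.
live_matches() {
    rc=0
    for key in net.ipv4.ip_forward net.ipv4.conf.default.rp_filter net.ipv4.conf.all.rp_filter; do
        path="/proc/sys/$(printf '%s' "$key" | tr . /)"
        [ -r "$path" ] || { echo "$key: no $path (not Linux?)"; rc=1; continue; }
        live=$(cat "$path"); want=$(sysctl_get "$1" "$key")
        [ "$live" = "$want" ] || { echo "$key: file=$want live=$live (run sysctl -p)"; rc=1; }
    done
    return "$rc"
}
```

Run as `audit_vpn_sysctl /etc/sysctl.conf && live_matches /etc/sysctl.conf` on the client after editing the file; a non-zero exit lists exactly which key is wrong or not yet loaded.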

