2007-08-30
atomicsushi
ipv6-crypt in tracker but it's not enabled

Hi,

I have a netgate VPN hardware client connecting through the Check Point firewall and terminating on a 3rd party device which sits behind the FW.

In the tracker, instead of seeing protocol 50 come through, all I see is UDP500 and protocol ipv6-crypt. Why am I seeing ipv6-crypt when I don't have it enabled?

However, when I do a tcpdump on both the incoming and outgoing interfaces on the firewall, I see protocol ESP packets come through OK.

What I am seeing on the tcpdump and capture is - traffic coming in OK from the netgate on eth1c0 and leaving eth2c0 to get to the 3rd party device. I also see the 3rd party device responding back through eth2c0 but the packets never leave the firewall. I don't see anything going back out on eth1c0 from the 3rd party device.

Here's the dump of the capture. Note that the 3rd party device is load-sharing between 203.68.68.50 and 203.68.68.51.
The netgate is 216.89.213.27.


Firewall2007[admin]# fw monitor -e "accept ((src=216.89.213.27) or (dst=216.89.213.27));"

monitor: getting filter (from command line)
monitor: compiling
monitorfilter:
Compiled OK.
monitor: loading
monitor: monitoring (control-C to stop)

eth2c0:i[80]: 203.68.68.50 -> 216.89.213.27 (50) len=80 id=5961

eth2c0:i[144]: 203.68.68.50 -> 216.89.213.27 (50) len=144 id=5962

eth2c0:i[80]: 203.68.68.50 -> 216.89.213.27 (50) len=80 id=6271

eth2c0:i[144]: 203.68.68.50 -> 216.89.213.27 (50) len=144 id=6272

eth2c0:i[80]: 203.68.68.50 -> 216.89.213.27 (50) len=80 id=6659

eth2c0:i[144]: 203.68.68.50 -> 216.89.213.27 (50) len=144 id=6660

eth2c0:i[80]: 203.68.68.50 -> 216.89.213.27 (50) len=80 id=7308

eth2c0:i[144]: 203.68.68.50 -> 216.89.213.27 (50) len=144 id=7309

eth2c0:i[80]: 203.68.68.50 -> 216.89.213.27 (50) len=80 id=7774

eth2c0:i[144]: 203.68.68.50 -> 216.89.213.27 (50) len=144 id=7775

UNKNOWN:i[220]: 216.89.213.27 -> 203.68.68.51 (UDP) len=220 id=4200 UDP: 500 -> 500
UNKNOWN:I[220]: 216.89.213.27 -> 203.68.68.51 (UDP) len=220 id=4200 UDP: 500 -> 500
eth2c0:o[220]: 216.89.213.27 -> 203.68.68.51 (UDP) len=220 id=4200 UDP: 500 -> 500
eth2c0:O[220]: 216.89.213.27 -> 203.68.68.51 (UDP) len=220 id=4200 UDP: 500 -> 500
eth2c0:i[241]: 203.68.68.51 -> 216.89.213.27 (UDP) len=241 id=24407 UDP: 500 -> 500
eth2c0:I[241]: 203.68.68.51 -> 216.89.213.27 (UDP) len=241 id=24407 UDP: 500 -> 500
UNKNOWN:o[241]: 203.68.68.51 -> 216.89.213.27 (UDP) len=241 id=24407 UDP: 500 -> 500
UNKNOWN:O[241]: 203.68.68.51 -> 216.89.213.27 (UDP) len=241 id=24407 UDP: 500 -> 500
eth2c0:i[80]: 203.68.68.51 -> 216.89.213.27 (50) len=80 id=11200
eth2c0:i[160]: 203.68.68.51 -> 216.89.213.27 (50) len=160 id=11202

Please let me know if you need more information, any help is appreciated!!

Thanks,

a-sushi in d pod.
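The capture in the post can be read mechanically by grouping its lines per packet and checking which of fw monitor's four inspection points (i, I, o, O) each packet reached. This is an added example, not part of the original post; the function names are hypothetical and the sample lines are copied from the post's capture.

```python
import re

# fw monitor inspection points, in the order a forwarded packet crosses them:
# i = pre-inbound, I = post-inbound, o = pre-outbound, O = post-outbound.
POINTS = "iIoO"
PROTO_NAMES = {"50": "ESP"}  # IP protocol number 50 is ESP (IANA assignment)

LINE = re.compile(
    r"^(?P<ifc>\S+):(?P<pt>[iIoO])\[\d+\]: (?P<src>\S+) -> (?P<dst>\S+) "
    r"\((?P<proto>\w+)\) len=(?P<len>\d+) id=(?P<id>\d+)"
)

# Excerpt copied from the capture in the post above.
SAMPLE = """\
eth2c0:i[80]: 203.68.68.50 -> 216.89.213.27 (50) len=80 id=5961
eth2c0:i[144]: 203.68.68.50 -> 216.89.213.27 (50) len=144 id=5962
UNKNOWN:i[220]: 216.89.213.27 -> 203.68.68.51 (UDP) len=220 id=4200 UDP: 500 -> 500
UNKNOWN:I[220]: 216.89.213.27 -> 203.68.68.51 (UDP) len=220 id=4200 UDP: 500 -> 500
eth2c0:o[220]: 216.89.213.27 -> 203.68.68.51 (UDP) len=220 id=4200 UDP: 500 -> 500
eth2c0:O[220]: 216.89.213.27 -> 203.68.68.51 (UDP) len=220 id=4200 UDP: 500 -> 500
eth2c0:i[241]: 203.68.68.51 -> 216.89.213.27 (UDP) len=241 id=24407 UDP: 500 -> 500
eth2c0:I[241]: 203.68.68.51 -> 216.89.213.27 (UDP) len=241 id=24407 UDP: 500 -> 500
UNKNOWN:o[241]: 203.68.68.51 -> 216.89.213.27 (UDP) len=241 id=24407 UDP: 500 -> 500
UNKNOWN:O[241]: 203.68.68.51 -> 216.89.213.27 (UDP) len=241 id=24407 UDP: 500 -> 500
eth2c0:i[80]: 203.68.68.51 -> 216.89.213.27 (50) len=80 id=11200
"""

def trace(text):
    """Map (src, dst, proto, ip_id) -> inspection points seen, in chain order."""
    seen = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner lines ("monitor: loading") and blank lines
        proto = PROTO_NAMES.get(m["proto"], m["proto"])
        key = (m["src"], m["dst"], proto, int(m["id"]))
        seen.setdefault(key, set()).add(m["pt"])
    return {k: "".join(p for p in POINTS if p in v) for k, v in seen.items()}

def stalled(text):
    """Packets that never reached post-outbound (O), with the last point reached."""
    return sorted((k, pts[-1]) for k, pts in trace(text).items() if "O" not in pts)

if __name__ == "__main__":
    for (src, dst, proto, ip_id), last in stalled(SAMPLE):
        print(f"{proto:4} {src} -> {dst} id={ip_id}: last seen at '{last}'")
```

On this excerpt the UDP 500 packets reach all four points, while the protocol 50 (ESP) packets from the 3rd party device appear only at 'i', which matches the return traffic the poster says never leaves the firewall. A packet that stops at 'i' did not emerge from the inbound inspection chain in this capture; the output alone does not say why.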