CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

#1  2008-03-04  Spacetrucker (Member, joined 2007-03-08, 92 posts)
UDP drops on high ports from email server?

My SC logs show drops from the public IP address of our email server to my laptop's private IP address. Here are the details:
Action-drop; Direction-Inbound; Service-1172; Source-PublicIPAddr; Dest-PrivateIPAddr; Protocol-UDP; S_Port-30189

Why would the public IP address of our email server show up in the log files?
I thought once the VPN connected, I would only see the private IP addresses.
And what's the story on these UDP drops on the high ports? I've seen them mentioned in some other threads.
#2  2008-03-04  dsb.nepo (Senior Member, Europe, Germany, joined 2006-04-30, 153 posts)

I guess you use Exchange/Outlook.
Exchange periodically sends UDP packets to the client to notify it about new mail ...

Please check the following.
The network/Exchange should have no NAT to the SC network (maybe create an explicit NoNAT rule).
In the Desktop Rules, check that this packet is allowed to your SC_Users@ with the Encrypt action.
#3  2008-03-05  Spacetrucker (Member)

Quote (originally posted by dsb.nepo):
> I guess you use Exchange/Outlook.
> Exchange periodically sends UDP packets to the client to notify it about new mail ...

>>You're right, we are using Exchange/Outlook.

> Please check the following.
> The network/Exchange should have no NAT to the SC network (maybe create an explicit NoNAT rule).
> In the Desktop Rules, check that this packet is allowed to your SC_Users@ with the Encrypt action.

>>Would you show me how to create these two rules? I don't understand what you mean.

I thought that once the VPN tunnel was established, no NAT would come into play. So I'm confused by this 'no NAT to the SC network'.
#4  2008-03-05  Spacetrucker (Member)

Quote (originally posted by Spacetrucker):
> >>Would you show me how to create these two rules? I don't understand what you mean.
>
> I thought that once the VPN tunnel was established, no NAT would come into play. So I'm confused by this 'no NAT to the SC network'.

dsb.nepo,

I found an example of the desktop rule in one of your replies to another thread. I could still use an example of the 'no NAT to the SC network' rule though.
#5  2008-03-05  Spacetrucker (Member)

dsb.nepo,

I added this inbound desktop rule, but I still see the drops.
Src---------------Dest--------------Service--------------Action
ExchangeSrv------SC@Any----------UdpHighPorts---------Encrypt

Check me if I'm wrong, but my first inbound rule should do the same thing.
Src---------------Dest--------------Service--------------Action
InternalSubnets---SC@Any-----------Any-----------------Encrypt

I'm guessing I need the 'no NAT rule' you speak of. I could create a host object with the public IP address of the Exchange server and then create a desktop rule that allows that particular address through. But that seems a bit risky.
#6  2008-03-05  dsb.nepo (Senior Member, Europe, Germany)

Quote:
> Check me if I'm wrong, but my first inbound rule should do the same thing.
> Src---------------Dest--------------Service--------------Action
> InternalSubnets---SC@Any-----------Any-----------------Encrypt

The problem will be that 'udp-high-ports' does not have the 'Match for Any' flag, so use a dedicated explicit rule.

I guess that you use 'automatic NAT' rules?
Test the following.
If your virtual SecureClient network is, for example, 192.168.100.1/24, create a manual NAT rule like this as the first rule:
Code:
Src         Dest             Service | Source  Dest    Service
IntNet   Net_192.168.100-24   Any    | =orig   =orig   =orig
For a first check, use only the Exchange object in the NAT rule and watch the logs at the firewall and the desktop.
#7  2008-03-06  melipla (Senior Member, joined 2006-01-25, 926 posts)
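To make the "watch the logs" step concrete, here is an added triage script (not code from the thread or from Check Point) that reads SecureClient log lines in the "Key-Value; ..." form quoted in post #1 and sorts each inbound drop into the two causes discussed above: a public source address (the server was NAT'd on its way to the client, so the NoNAT rule applies) versus an internal source dropped on a UDP high port (an explicit udp-high-ports desktop rule is missing). The sample lines, the internal subnets and the 1024-65535 range assumed for udp-high-ports are all constructed assumptions for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample SecureClient log lines in the "Key-Value; Key-Value; ..." form
# quoted in post #1.  Addresses and ports are made up for this example.
SAMPLE_LOG = """\
Action-drop; Direction-Inbound; Service-1172; Source-203.0.113.25; Dest-192.168.100.10; Protocol-UDP; S_Port-30189
Action-drop; Direction-Inbound; Service-1173; Source-203.0.113.25; Dest-192.168.100.10; Protocol-UDP; S_Port-30190
Action-encrypt; Direction-Inbound; Service-1172; Source-10.1.1.5; Dest-192.168.100.10; Protocol-UDP; S_Port-30191
Action-drop; Direction-Inbound; Service-1174; Source-10.1.1.5; Dest-192.168.100.10; Protocol-UDP; S_Port-30192
Action-drop; Direction-Inbound; Service-445; Source-10.1.1.5; Dest-192.168.100.10; Protocol-TCP; S_Port-51000
"""

# Assumed internal subnets, i.e. the "InternalSubnets" object the desktop rule encrypts for.
INTERNAL_SUBNETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("172.16.0.0/12")]
# Assumed range of the udp-high-ports service (the thread notes it lacks "Match for Any").
UDP_HIGH_PORT_START = 1024

FIELD_RE = re.compile(r"([A-Za-z_]+)-([^;]+)")


def parse_line(line):
    """Turn one 'Key-Value; Key-Value; ...' log line into a dict."""
    return {key: value.strip() for key, value in FIELD_RE.findall(line)}


def classify(rec):
    """Label an inbound drop in the terms the thread uses."""
    if rec.get("Action") != "drop" or rec.get("Direction") != "Inbound":
        return "not-a-drop"
    src = ipaddress.ip_address(rec["Source"])
    dst_port = int(rec["Service"])
    if not any(src in net for net in INTERNAL_SUBNETS):
        # A public source seen through the tunnel means the server's address was NAT'd
        # on the way to the client; this is what the NoNAT (=orig) rule in post #6 fixes.
        return "public-source"
    if rec.get("Protocol") == "UDP" and dst_port >= UDP_HIGH_PORT_START:
        # Internal source but still dropped: needs an explicit udp-high-ports desktop rule.
        return "udp-high-port"
    return "other-drop"


def triage(log_text):
    """Count each category over a whole log; the result says which fix to try first."""
    records = (parse_line(l) for l in log_text.splitlines() if l.strip())
    return dict(Counter(classify(r) for r in records))


if __name__ == "__main__":
    for label, n in sorted(triage(SAMPLE_LOG).items()):
        print(f"{label:14s} {n}")
```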

Quote (originally posted by dsb.nepo):
> I guess you use Exchange/Outlook.
> Exchange periodically sends UDP packets to the client to notify it about new mail ...

I've found that the new mail notification works even when these packets are dropped.
__________________
It's all in the documentation.
#8  2008-03-06  Spacetrucker (Member)

Quote (originally posted by melipla):
> I've found that the new mail notification works even when these packets are dropped.

dsb.nepo - Thanks for the manual NAT rule detail and advice. I'll try this and get back to you.

Melipla - Are you saying that I shouldn't be too concerned about the dropped udp-high-port packets?
#9  2008-03-06  dsb.nepo (Senior Member, Europe, Germany)

Quote:
> I've found that the new mail notification works even when these packets are dropped.

Yes, that's right, but this comes from the client polling (if I remember correctly, every 5 min by default).
Maybe this is of interest: No way to configure port for UDP new mail notification packets
#10  2008-03-06  melipla (Senior Member)

Quote (originally posted by Spacetrucker):
> Are you saying that I shouldn't be too concerned about the dropped udp-high-port packets?

Yes, that is what I'm saying. We use Outlook/Exchange 2007 and I receive notification instantly.
__________________
It's all in the documentation.