Outlook losing connection to Exchange server, E75.20 and E75.30, tcpdump syntax



Spacetrucker
2012-11-22, 00:15
I'm asking for help with troubleshooting Outlook losing its connection back to the Exchange server when it's connected via the vpn.

I'd like to run tcpdump and need help with the syntax.

Found this link so I have a start.
https://www.cpug.org/forums/clustering-security-gateway-ha-clusterxl/6760-tcpdump-syntax.html

Splat R75.30 SG and Management server on the same box.
E75.20 and E75.30 on Win7 Pro SP1 64 bit laptops.

Outlook 2010 to Exchange 2003 using SMTP.

I have three different users who have this problem who are convinced it's the vpn or a setting on the gateway.
I need to verify it is or it isn't.

Thanks

Spacetrucker
2012-11-23, 10:21
No responses yet, is this a poorly asked question, not enough info?
I'm asking for the tcpdump syntax.
I've got sk33327, how to generate a valid ike debug, vpn debug and fw monitor, and sk62692, ports used on security gateway for secureclient and endpoint connect.
And I'm continuing to dig for a solution.

Thanks

Thanks

Spacetrucker
2012-11-23, 10:36
Found this which is great.
https://www.cpug.org/forums/ipsec-vpn-blade-virtual-private-networks/4764-vpn-trouble-shooting.html

Keep in mind my problem isn't making the connection or maintaining it. The connection is solid. It's Outlook losing its connection back to Exchange.

Thanks

dsb.nepo
2012-11-23, 16:13
I suspect you want to use fw monitor instead of tcpdump.

For fw monitor try with a simple filter like

fw monitor -e 'accept ((src=$ClientIP, dst=$ServerIP) or (src=$ServerIP,dst=$ClientIP));'

tcpdump examples:
show all traffic from client or exchange

tcpdump -net -i $ethX host $ServerIP or $ClientIP

show traffic sent from server to exchange

tcpdump -net -i $ethX src $ServerIP and dst $ClientIP

show traffic from exchange -> client or from client -> exchange

tcpdump -net -i $ethX "(src $ServerIP and dst $ClientIP) or (src $ClientIP and dst $ServerIP)"

same as before but capture to file

tcpdump -net -i $ethX -w offline.cap "(src $ServerIP and dst $ClientIP) or (src $ClientIP and dst $ServerIP)"

Quick man page
man tcpdump (http://www.freebsd.org/cgi/man.cgi?query=tcpdump)

In previous client versions there was inside the program dir a traffic capture tool srfw.exe

bin\srfw.exe monitor -o outfile.cap

From what I'm reading this tool was replaced with PacketMon.

Sorry could not help more, we stopped using CheckPoint for client VPN.
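
Added example, not part of the post above: tcpdump's filter language gives `and` and `or` equal precedence and evaluates them left to right, so a filter meant to match both directions between two hosts needs parentheses around each direction. The Python sketch below models only `src`, `dst`, `and`, `or` and parentheses (it is not libpcap), and the addresses and packets are constructed samples.

```python
import re

# Constructed sample addresses (documentation ranges), not from the thread.
CLIENT, SERVER = "192.0.2.10", "198.51.100.5"
PACKETS = [
    {"name": "client->server", "src": CLIENT, "dst": SERVER},
    {"name": "server->client", "src": SERVER, "dst": CLIENT},
    {"name": "unrelated", "src": "203.0.113.7", "dst": SERVER},
]

def parse(tokens):
    """Build a tree using pcap-filter rules: 'and' and 'or' share one
    precedence level and associate left to right."""
    node = parse_term(tokens)
    while tokens and tokens[0] in ("and", "or"):
        op = tokens.pop(0)
        node = (op, node, parse_term(tokens))
    return node

def parse_term(tokens):
    tok = tokens.pop(0)
    if tok == "(":
        node = parse(tokens)
        tokens.pop(0)  # consume ")"
        return node
    if tok not in ("src", "dst"):
        raise ValueError(f"unsupported primitive: {tok}")
    return (tok, tokens.pop(0))  # e.g. ("src", "192.0.2.10")

def evaluate(node, pkt):
    if node[0] in ("src", "dst"):
        return pkt[node[0]] == node[1]
    left, right = evaluate(node[1], pkt), evaluate(node[2], pkt)
    return (left and right) if node[0] == "and" else (left or right)

def captured(expr):
    """Names of the sample packets that the expression would match."""
    tree = parse(re.findall(r"[()]|[^\s()]+", expr))
    return [p["name"] for p in PACKETS if evaluate(tree, p)]

UNGROUPED = f"src {SERVER} and dst {CLIENT} or src {CLIENT} and dst {SERVER}"
GROUPED = f"(src {SERVER} and dst {CLIENT}) or (src {CLIENT} and dst {SERVER})"

if __name__ == "__main__":
    print("ungrouped:", captured(UNGROUPED))
    print("grouped:  ", captured(GROUPED))
```

On a real command line the grouped expression has to be quoted so the shell does not interpret the parentheses.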

Spacetrucker
2012-11-24, 00:29
Many thanks for such a detailed reply, it's much appreciated, and very helpful for me.
What I had come up with was simply - tcpdump -nni eth? server xxx.xxx.xxx.xxx and client xxx.xxx.xxx.xxx

Why did you stop using Check Point's client vpn?
And if you're still using Check Point, what are you using for a vpn?

Thanks

Spacetrucker
2012-11-28, 23:07
dsb.nepo thanks again. Turns out the .ost file was corrupt. Problem solved. I had to use fw monitor for the packet capture. I couldn't get tcpdump to write the output to a file.