Everyone,
Yesterday we replaced our firewall with the new Firebox X750e. Everything is working great except for the following issue:
When Mobile VPN is connected, users cannot send/receive emails using Outlook and they cannot open up OWA either,
though they can access anything within the network just fine. If we disable the VPN, Outlook successfully makes a connection with the Exchange server (in-house) and everything works great. The MUVPN subnet (VPN pool) is different from the internal one.
Looking at the errors on the traffic, the following can be seen:
2008-09-06 18:10:47 Deny 172.16.65.2 6X.XX.XX.69 https/tcp 49331 443 XYZ Mobile VPN Users/IPsec Firebox denied (decrypted packet, SA info: id 0x03cfc579 ) 52 128 (Unhandled MUVPN Packet.in-01) tcpinfo="offset 8 S 2584967265 win 8192" src_user="ABCD@Active Directory" rc="101" Traffic
According to the above log, https traffic is being denied. When I look into the policy for https, it shows FROM any TO (external IP: 6X.XX.XX.69) -> (internal IP: 172.XX.XX.56)
.56 is the domain controller/DHCP/Exchange
When I try to ping OWA, it shows me the external IP as 6X.XX.XX.69, whereas it should be resolved internally and should go to 172.XX.XX.56, but that is not the case.
Has anyone seen this before? Any thoughts?
Thanks in advance for your time,
qahsan.
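
A triage sketch for the deny entry quoted in the post, added here as an example and not part of the original post: it parses lines of the shape shown and lists denies where a Mobile VPN client reached the published external address instead of the internal server. The function names and the 172.16.65.0/24 pool are assumptions; the post gives only the client address 172.16.65.2.

```python
import ipaddress
import re

# Log line copied from the post; the destination is redacted there as 6X.XX.XX.69.
SAMPLE = ('2008-09-06 18:10:47 Deny 172.16.65.2 6X.XX.XX.69 https/tcp 49331 443 '
          'XYZ Mobile VPN Users/IPsec Firebox denied (decrypted packet, '
          'SA info: id 0x03cfc579 ) 52 128 (Unhandled MUVPN Packet.in-01) '
          'tcpinfo="offset 8 S 2584967265 win 8192" '
          'src_user="ABCD@Active Directory" rc="101" Traffic')

# date time action src dst service/proto sport dport <rest of line>
HEAD = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\S+) (\S+)/(\S+) (\d+) (\d+) (.*)$')

def parse(line):
    """Split one traffic log line of the shape shown in the post into fields."""
    m = HEAD.match(line.strip())
    if not m:
        return None
    date, time, action, src, dst, service, proto, sport, dport, rest = m.groups()
    # Parenthesised notes; the last one is read here as the matching policy name.
    notes = re.findall(r'\(([^()]*)\)', rest)
    rec = {'time': f'{date} {time}', 'action': action, 'src': src, 'dst': dst,
           'service': service, 'proto': proto, 'sport': int(sport),
           'dport': int(dport), 'policy': notes[-1].strip() if notes else ''}
    rec.update(re.findall(r'(\w+)="([^"]*)"', rest))  # tcpinfo, src_user, rc
    return rec

def hairpin_denies(lines, published_ip, vpn_pool):
    """Denies where a VPN-pool client hit the published (external) address."""
    pool = ipaddress.ip_network(vpn_pool)
    hits = []
    for line in lines:
        rec = parse(line)
        if not rec or rec['action'] != 'Deny' or rec['dst'] != published_ip:
            continue
        try:
            inside = ipaddress.ip_address(rec['src']) in pool
        except ValueError:  # redacted or malformed source address
            continue
        if inside and rec['policy'].startswith('Unhandled'):
            hits.append(rec)
    return hits

if __name__ == '__main__':
    # published_ip is the redacted string from the post; the pool is assumed.
    for hit in hairpin_denies([SAMPLE], '6X.XX.XX.69', '172.16.65.0/24'):
        print(hit['time'], hit['src_user'], hit['src'], '->', hit['dst'],
              hit['dport'], hit['policy'])
```

A hit means the client resolved the mail host name to the external address while on the tunnel, so the traffic fell through to the catch-all rule rather than a policy that allows the VPN users to reach the server.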