[THIN] Re: Help is appreciated....
- From: "Chad Schneider (IT)" <Chad.M.Schneider@xxxxxxxxxxxxx>
- To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
- Date: Tue, 29 Apr 2008 15:05:30 -0500
Ran a capture, int0 (external) net 10.x.x (internal) and found that port 80
traffic is trying to go from source (internal) to the internet via the INT0
port on the CAG. This makes no sense to me.
Seems as though the 10.x.x.x addresses that are being given per the IP Pools,
are not using their listed default gateway, and instead, going external.
Chad Schneider
Systems Engineer
ThedaCare IT
920-735-7615
>>> On 4/29/2008 at 1:59 PM, <nick@xxxxxxxxxxxxxxxxxx> wrote:
DNS on the VPN?
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of
Chad Schneider (IT)
Sent: 29 April 2008 19:11
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Help is appreciated....
Traceroute from the gateway admin desktop to external sites, NOTHING.
Chad Schneider
Systems Engineer
ThedaCare IT
920-735-7615
>>> On 4/29/2008 at 12:04 PM, <adwulf@xxxxxxxxx> wrote:
2008/4/29 Chad Schneider (IT) <Chad.M.Schneider@xxxxxxxxxxxxx>:
>
>
> We are not running a true proxy server.
>
> All internet traffic is routed through the firewall, but there is no Proxy
> listed in IE.
>
It sounds to me like your VPN users' default gateway is missing a
route to the outside world.
Compare traceroutes of VPN-Client > External and Internal-Client > External
- this should give you some idea of which route is missing.
It may also be that your firewall does not recognise the VPN subnet as
being an internal network.
For example - if your usually internal network consists of:
10.50.10.0/24 and 10.50.11.0/24, you probably have a rule on the
firewall which looks like:
From: 10.50.10.0/24 OR 10.50.11.0/24
To: EXTERNAL
Protocol: http,https,icmp,ftp,ssh,nntp,pop3
Action: PERMIT
If your VPN network is using something else (eg 192.168.10.0/24 or
10.50.12.0/24), then that rule won't be applied and the traffic will
not be permitted.
--
AdamT
We are laser-removed
Tasmanian Devil Tattoos
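
The firewall-rule mismatch described in the quoted reply above (a VPN address pool that falls outside the rule's source networks) can be checked mechanically. This is an added example, not part of the original thread: the function names and the list of pools are hypothetical, the rule is the constructed one from the reply, and unmatched traffic is assumed to be denied.

```python
import ipaddress

# Constructed rule mirroring the example in the thread: source networks
# permitted out to EXTERNAL. Unmatched sources are assumed to be denied.
PERMIT_SOURCES = ["10.50.10.0/24", "10.50.11.0/24"]


def coverage(pool, permit_sources=PERMIT_SOURCES):
    """Classify an address pool against the rule's source networks.

    Returns "full" if every address in the pool matches a permitted source,
    "partial" if only some do, and "none" if the rule never applies.
    """
    pool_net = ipaddress.ip_network(pool)
    sources = [ipaddress.ip_network(s) for s in permit_sources]
    # Merge adjacent sources so two neighbouring /24s are treated as one /23;
    # otherwise a pool spanning both would be misreported as partial.
    merged = list(ipaddress.collapse_addresses(sources))
    if any(pool_net.subnet_of(m) for m in merged):
        return "full"
    if any(pool_net.overlaps(m) for m in merged):
        return "partial"
    return "none"


def audit(pools, permit_sources=PERMIT_SOURCES):
    """Map each pool to its coverage class for a quick rule review."""
    return {p: coverage(p, permit_sources) for p in pools}


if __name__ == "__main__":
    # Constructed pools: the internal range, the two VPN examples from the
    # thread, and one pool wider than the rule (only partly permitted).
    pools = ["10.50.10.0/23", "10.50.12.0/24", "192.168.10.0/24", "10.50.8.0/22"]
    for pool, result in audit(pools).items():
        print(f"{pool:18} {result}")
```

A pool reported as "none" or "partial" is one whose clients would have some or all of their outbound traffic dropped by this rule, which is the symptom being chased in the thread.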