[isalist] Re: Was Re: VPN Monitoring.. now MOVING ON...

  • From: "Mark Morgan" <MMorgan@xxxxxxxxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 13 Apr 2006 15:43:05 -0700

Try doing a ping -t from an inside device not the isa and use the isa monitor 
to see what is happening to your traffic. also use the mmc ip security monitor 
and check quick mode security associations to see if the peer addr is the 
192.168.101.0. Do you have a policy set to allow ping through the tunnel? by 
default it will not let any traffic through.
 

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]On 
Behalf Of Ray Dzek
Sent: Thursday, April 13, 2006 3:39 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Was Re: VPN Monitoring.. now MOVING ON...


Ping from the ISA server gives this.
 
Pinging 192.168.101.8 with 32 bytes of data:
 
Destination host unreachable.
Destination host unreachable.
Destination host unreachable.
Destination host unreachable.


Ping from any other device on the network yields request timed out.
 

   _____  

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Ray Dzek
Sent: Thursday, April 13, 2006 3:32 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Was Re: VPN Monitoring.. now MOVING ON...


I'm not getting any error.  It is just not working.  The route is added in fine.
 
Persistent Routes:
  Network Address       Netmask       Gateway Address  Metric
    192.168.101.0      255.255.255.0        10.1.8.99             1
 
I guess I will poke around some more....

   _____  

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Mark Morgan
Sent: Thursday, April 13, 2006 2:49 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Was Re: VPN Monitoring.. now MOVING ON...


ROUTE -P ADD..... SHOULD WORK I HAVE THE SAME THINK AT MY SITE. WHAT ERROR ARE 
YOU GETTING WHEN YOU TRY TO ADD THE ROUTE?
 

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]On 
Behalf Of Ray Dzek
Sent: Thursday, April 13, 2006 1:47 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Was Re: VPN Monitoring.. now MOVING ON...


Okay .. so we moved the connection over to the Cisco ASA box where I can 
actually monitor what the heck is going on.  But I still need ISA in this as it 
is the default gateway for the rest of the network.
 
So..    on ISA I thought I could just do a route -p add route mask gateway.  
But apparently I am WRONG... again
 
How can I make ISA route the 192.168.101.0 traffic over to the other gateway?  
I tried networks and network sets, but neither allow for adding a gateway or 
any routing other than through a VPN connection.

   _____  

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Ray Dzek
Sent: Thursday, April 13, 2006 9:25 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: VPN Monitoring


Well .. thanks everybody that responded.  I did notice something else.  On the 
dashboard it lists site to site VPN, but says "0" when I know I have 2 
site-to-site VPNs up and running.
 
Anyway... the data in the sonic wall is WAY more complete and WAY easier to get 
to, so we are going with that.  I think we grabbed the data we need, now we 
just have to figure out what to do with it.  There appears to be some kind of 
time-out issue on their end and the tunnel keeps dropping and rebuilding.
 
Note to MS ... ISA needs way better tools.  

   _____  

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of John T (Lists)
Sent: Wednesday, April 12, 2006 11:42 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: VPN Monitoring



Are you logging the Sonicwalls to a syslog? I have found that helps to track 
problems down.

 

John T

eServices For You

 

"Seek, and ye shall find!"

 

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Ray Dzek
Sent: Wednesday, April 12, 2006 9:46 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] VPN Monitoring

 

Hi all... 

 

Its a hair less frantic this week.  We are trying to track down issues with our 
point to point IPSec tunnels to Europe.  We are using ISA on this end and 
SonicWall TZ150's and 170's on the far end.  The far end is trying to run 
Oracle 11i Applications and are getting intermittent timeouts.  Usually 2-3 per 
day.  (Their day.  We are PST and they are CET)  There is nothing in the ISA 
logs to indicate the tunnel is dropping, but there doesn't appear to be ANY 
logging of anything related to the tunnel in the event logs, other than traffic 
logged into the firewall logs.  But the firewall logs won't show the tunnel as 
being down.  Is there a way to monitor the tunnel status?  Nothing appears to 
be logged if/when the tunnel is dropped and then reconnected.  Can anybody 
recommend something that could monitor real-time status of the tunnels?  The 
"outage" appears to just be a "wink" where the applications will disconnect for 
just a second.

 

Thanks all!

 

 

Ray Dzek
Net Ops / Helpdesk Supervisor
Specialized Bicycle Components 

 


--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.4.1/310 - Release Date: 4/12/2006



--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.4.1/310 - Release Date: 4/12/2006



--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.4.1/310 - Release Date: 4/12/2006



-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.4.1/310 - Release Date: 4/12/2006

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 04-2006