[j-nsp] IPSEC VPN tunnel is not accepting only SMTP traffic

Humair Ali humair.s.ali at gmail.com
Sat Jul 3 06:57:50 EDT 2010


On top of what Dale just requested in terms of info,

here is what else you could do:

1. Create an any any any allow policy and place it at the top of the rule
base, to see if SMTP now reaches the mail server; this would eliminate any
policy problem.

2. You said the tunnel is up, and that non-SMTP traffic is flowing through, w

Once this is confirmed,

Do a snoop on the interface matching SMTP traffic or port 25:

Start with:

- The interface facing the client sending the SMTP traffic; this is to see if
SMTP traffic is reaching your ISG1000

If yes, then

- The interface on the ISG 1000 facing the Cisco, to see if the SMTP traffic is
leaving the interface into the tunnel

Then whoever manages the Cisco needs to do the same to see if SMTP traffic
reaches the Cisco; then the snoop output of logs should give more details
of what is causing the SMTP traffic to fail.



On 3 July 2010 04:20, Dale Shaw <dale.shaw+j-nsp at gmail.com> wrote:

> Hi,
>
> On Fri, Jul 2, 2010 at 11:27 PM, Fahad Khan <fahad.khan at gmail.com> wrote:
> >
> > I am facing an issue regarding an IPSEC tunnel between ISG1000 and Cisco
> > box. The VPN is up, all traffic is going through it, but only SMTP traffic
> > is somehow not flowing through the tunnel; no SMTP connection is being
> > made with the mail server.
>
> There are so many variables and you've provided such little detail
> (again) that it's going to be difficult for people to help you.
>
> Things that are missing from your post:
>
> - Details of the 'Cisco box'
> - Details of the IPSec tunnel configuration on the peers
> - Details of the network infrastructure between the peers and between
> the endpoints
> - Software revisions running on the relevant nodes
> - How you have verified that the tunnel is 'up'
> - How you have verified that non-SMTP traffic is flowing
> - How you have verified that SMTP traffic is not flowing
> - What troubleshooting (if any) you've already done
>
> Cheers,
> Dale
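The snoop steps from the reply above, written out as a ScreenOS CLI session on the ISG1000. This is an added example, not part of the original thread; lines starting with `#` are annotations for the reader and are not typed into the firewall.

```screenos
# 1. Start clean: remove any old snoop filters and empty the debug buffer.
snoop filter delete
clear dbuf

# 2. Match SMTP in both directions of the TCP session
#    (client -> server has dst-port 25, replies have src-port 25).
snoop filter ip dst-port 25
snoop filter ip src-port 25

# 3. Check that the filters are defined, then start capturing.
#    snoop asks for confirmation before it starts.
snoop info
snoop

# 4. From the client, make one SMTP connection attempt to the mail server.

# 5. Stop the capture and read what was recorded.
snoop off
get dbuf stream

# Reading the output, in the order the reply suggests:
#   - Port-25 packets arriving on the client-facing interface:
#     SMTP is reaching the ISG1000.
#   - Nothing on the client-facing interface: the problem is upstream
#     of the firewall (routing or the client itself).
#   - Packets arrive but nothing leaves toward the Cisco: look at policy
#     and route lookup on the ISG1000 (the any/any/any test in step 1
#     of the reply separates these).
#   - Packets that are already ESP-encapsulated no longer expose the TCP
#     port, so a port-25 match only ever shows the cleartext side.

# 6. Clean up so the filters do not affect a later capture.
snoop filter delete
clear dbuf
```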