We have a server looking to communicate through both a firewall and a router set up with a VPN to a remote public address on a certain port. The opposite end complains that they can send and receive traffic successfully when they initiate the connection from their end but cannot see traffic when we initiate. The setup is as follows:
Server > Firewall > router (with IPsec VPN tunnel) > Internet < router (with IPsec VPN tunnel) < RemoteServer
We do not have access to the local VPN router's configs so we want to make sure traffic is getting to it from our firewall properly for it to then transmit across the net to the remote end.
Let's say our server at 192.168.aaa.aa2/24 initiates the communication by sending a request to the end IP of 157.xxx.xxx.xx5 on port 32xxx. The packet's first checkpoint is the firewall, where it gets translated from the internal interface of the firewall (192.168.aaa.aa1/24) to the external interface (192.168.bbb.bb2/30) which faces the internal interface of the VPN router (192.168.bbb.bb1/30). So, with Wireshark sitting between the firewall's external interface and the VPN router's internal interface, we see traffic with a source address of 192.168.bbb.bb2 and destination address of 157.xxx.xxx.xx5, but then it gets confusing as far as ports go when we see this: 49xxx > 32xxx. It's a SYN packet with the source port as 49xxx and destination port as the intended target port of the remote end which is 32xxx.
The question is, what does this mean and what should the VPN router see coming from the firewall? Is there a NAT that is not happening properly? The 49xxx number varies and I'm not sure where that number is coming from. Any assistance would help. Thanks.
asked 19 Jun '13, 06:54
That's because of the NAT on your firewall.
answered 19 Jun '13, 07:45
Kurt Knochner ♦
edited 19 Jun '13, 07:45
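To make the answer concrete, here is a small model of the port address translation (PAT, "NAT overload") a firewall performs on outbound connections. It is an added example, not code from the question or the answer, and not the firewall's actual implementation: a toy translation table that rewrites the internal source address to the firewall's external address and picks a fresh ephemeral source port (the IANA dynamic range 49152-65535, which is where the varying 49xxx value comes from), then uses that port to map replies back to the internal host. The addresses (192.168.10.2, 192.168.20.2, 203.0.113.5) and port 32000 are constructed stand-ins for the masked values in the question.

```python
"""Toy port address translation (PAT) table.

Added example to illustrate why a firewall doing NAT rewrites the source
port of an outbound SYN. Not the original poster's code and not a real
firewall implementation. All addresses and ports are constructed.
"""
from dataclasses import dataclass
import random


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatFirewall:
    # IANA dynamic/private port range used for translated source ports
    EPHEMERAL_LOW, EPHEMERAL_HIGH = 49152, 65535

    def __init__(self, external_ip, seed=None):
        self.external_ip = external_ip
        self.outbound = {}   # internal Flow -> translated external source port
        self.inbound = {}    # (ext port, remote ip, remote port) -> internal Flow
        self._rng = random.Random(seed)

    def _pick_port(self, dst_ip, dst_port):
        # Choose an ephemeral port not already in use towards this remote ip:port.
        for _ in range(1000):
            port = self._rng.randint(self.EPHEMERAL_LOW, self.EPHEMERAL_HIGH)
            if (port, dst_ip, dst_port) not in self.inbound:
                return port
        raise RuntimeError("PAT port pool exhausted")

    def translate_outbound(self, flow):
        """Return the flow as it appears on the external interface.

        The first packet of a session creates a table entry; later packets of
        the same internal flow reuse the same external port.
        """
        if flow not in self.outbound:
            port = self._pick_port(flow.dst_ip, flow.dst_port)
            self.outbound[flow] = port
            self.inbound[(port, flow.dst_ip, flow.dst_port)] = flow
        return Flow(self.external_ip, self.outbound[flow], flow.dst_ip, flow.dst_port)

    def translate_inbound(self, src_ip, src_port, dst_port):
        """Map a packet arriving on the external interface back to the
        internal host, or return None when no session exists (an unsolicited
        inbound packet has no entry and is dropped)."""
        return self.inbound.get((dst_port, src_ip, src_port))


def demo():
    # Constructed stand-ins: internal server, firewall external interface, remote VPN peer.
    fw = PatFirewall(external_ip="192.168.20.2", seed=1)
    internal = Flow("192.168.10.2", 5555, "203.0.113.5", 32000)

    outbound = fw.translate_outbound(internal)      # what Wireshark sees on the outside
    reply = fw.translate_inbound("203.0.113.5", 32000, outbound.src_port)
    unsolicited = fw.translate_inbound("203.0.113.5", 32000, 32000)  # remote-initiated
    return outbound, reply, unsolicited


if __name__ == "__main__":
    out, back, stray = demo()
    print(f"outside view: {out.src_ip}:{out.src_port} > {out.dst_ip}:{out.dst_port}")
    print(f"reply maps back to: {back}")
    print(f"unsolicited inbound maps to: {stray}")
```

Running the demo shows the same shape as the capture in the question: the internal 192.168.10.2:5555 appears on the outside as 192.168.20.2 with a source port in the 49152-65535 range, while the destination port stays 32000. Only the reply that comes back to that translated port finds a table entry; a packet the remote end originates towards port 32000 on the firewall's external address finds none, which is why a remote-initiated session needs a separate inbound rule rather than relying on the outbound NAT.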