Re: [j-nsp] IPSEC VPN tunnel is not accepting only SMTP traffic
On top of what Dale just requested in terms of info, here what else you could do: 1. create an any any any allow policy, place at top of the rule based, to see if SMTP now reaches the mail server, this would eliminate any policy problem. 2. you said the tunnel is up , and that non SMTP traffic are flowing through, w once this is confirm, Do a snoop on the interface matching SMTP traffic or port 25: Start with: -Interface facing the client sending the smtp traffic , this is to see if SMTP traffic is reaching your ISG1000 if yes, then -interface on the ISG 1000 facing the Cisco , to see if the SMTP traffic is leaving the interfacing into the tunnel then whoever manages the Cisco , needs to do the same to see if SMTP traffic reaches the cisco , then the snoop output of logs should gives more details of what is causing the smtp traffic to fail. On 3 July 2010 04:20, Dale Shaw dale.shaw+j-...@gmail.comdale.shaw%2bj-...@gmail.com wrote: Hi, On Fri, Jul 2, 2010 at 11:27 PM, Fahad Khan fahad.k...@gmail.com wrote: I am facing an issue regarding an IPSEC tunnel between ISG1000 and Cisco box, The VPN is up, all traffic is going through it but only SMTP traffic is some how not being flowing through the tunnel, no SMTP connection is being made with mail server. There are so many variables and you've provided such little detail (again) that it's going to be difficult for people to help you. Things that are missing from your post: - Details of the 'Cisco box' - Details of the IPSec tunnel configuration on the peers - Details of the network infrastructure between the peers and between the endpoints - Software revisions running on the relevant nodes - How you have verified that the tunnel is 'up' - How you have verified that non-SMTP traffic is flowing - How you have verified that SMTP traffic is not flowing - What troubleshooting (if any) you've already done Cheers, Dale ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] IPSEC VPN tunnel is not accepting only SMTP traffic
Hi Folks, I am facing an issue regarding an IPSEC tunnel between ISG1000 and Cisco box, The VPN is up, all traffic is going through it but only SMTP traffic is some how not being flowing through the tunnel, no SMTP connection is being made with mail server. Can any one comment on it? regards, Muhammad Fahad Khan JNCIP - M/T # 834 IT Specialist Global Technology Services, IBM fa...@pk.ibm.com +92-321-2370510 +92-301-8247638 Skype: fahad-ibm http://www.linkedin.com/in/muhammadfahadkhan ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] IPSEC VPN tunnel is not accepting only SMTP traffic
Is this an ASA Firewall? Try turning off ESMTP fixup on the ASA side. Regards Farrukh On Fri, Jul 2, 2010 at 4:27 PM, Fahad Khan fahad.k...@gmail.com wrote: Hi Folks, I am facing an issue regarding an IPSEC tunnel between ISG1000 and Cisco box, The VPN is up, all traffic is going through it but only SMTP traffic is some how not being flowing through the tunnel, no SMTP connection is being made with mail server. Can any one comment on it? regards, Muhammad Fahad Khan JNCIP - M/T # 834 IT Specialist Global Technology Services, IBM fa...@pk.ibm.com +92-321-2370510 +92-301-8247638 Skype: fahad-ibm http://www.linkedin.com/in/muhammadfahadkhan ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] IPSEC VPN tunnel is not accepting only SMTP traffic
Yes, I tried disabling it. but did not work :( regards, Muhammad Fahad Khan JNCIP - M/T # 834 IT Specialist Global Technology Services, IBM fa...@pk.ibm.com +92-321-2370510 +92-301-8247638 Skype: fahad-ibm http://www.linkedin.com/in/muhammadfahadkhan On Fri, Jul 2, 2010 at 6:45 PM, Farrukh Haroon farrukhhar...@gmail.comwrote: Is this an ASA Firewall? Try turning off ESMTP fixup on the ASA side. Regards Farrukh On Fri, Jul 2, 2010 at 4:27 PM, Fahad Khan fahad.k...@gmail.com wrote: Hi Folks, I am facing an issue regarding an IPSEC tunnel between ISG1000 and Cisco box, The VPN is up, all traffic is going through it but only SMTP traffic is some how not being flowing through the tunnel, no SMTP connection is being made with mail server. Can any one comment on it? regards, Muhammad Fahad Khan JNCIP - M/T # 834 IT Specialist Global Technology Services, IBM fa...@pk.ibm.com +92-321-2370510 +92-301-8247638 Skype: fahad-ibm http://www.linkedin.com/in/muhammadfahadkhan ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] IPSEC VPN tunnel is not accepting only SMTP traffic
Hi, On Fri, Jul 2, 2010 at 11:27 PM, Fahad Khan fahad.k...@gmail.com wrote: I am facing an issue regarding an IPSEC tunnel between ISG1000 and Cisco box, The VPN is up, all traffic is going through it but only SMTP traffic is some how not being flowing through the tunnel, no SMTP connection is being made with mail server. There are so many variables and you've provided such little detail (again) that it's going to be difficult for people to help you. Things that are missing from your post: - Details of the 'Cisco box' - Details of the IPSec tunnel configuration on the peers - Details of the network infrastructure between the peers and between the endpoints - Software revisions running on the relevant nodes - How you have verified that the tunnel is 'up' - How you have verified that non-SMTP traffic is flowing - How you have verified that SMTP traffic is not flowing - What troubleshooting (if any) you've already done Cheers, Dale ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp