On 11/26/2010 9:28 AM, Ben Chamberlain wrote:
Hi Matthew,

I appreciate that you have many queries to answer but did you have any thoughts 
on the below?


Sorry. I have been swamped lately. In my previous response, I was asking if you have 192.168.1.0/24 defined in one of your policies. I meant in one of the policies defined on the Fortigate end.

The only thing I can think of is that there is a difference in the way the working Fortigate is configured vs your primary Fortigate. This may be related to a security policy (check your firewall rules) that references the 192.168.1.0/24 network. Maybe another site-to-site tunnel that uses that network? Another option could be that you have a static route that points 192.168.1.0/24 to an internal gateway? I'm not sure. Have you gone through both firewalls and done an in-depth config comparison to ensure they are exactly the same?

-Matthew

Many thanks,

Ben Chamberlain
Swyddog Cefnogi Cymorth Technoleg Gwybodaeth a Chyfathrebiadau/Information and 
Communications Technology Support Officer
Gwasaneth Tân ac Achub Gogledd Cymru/North Wales Fire and Rescue Service
Ffôn/Telephone: 01492 564 949
Ffacs/Fax: 01492 593 956
Am archwiliad diogelwch tân yn y cartref, ffoniwch 0808 100 2863, e-bostiwch 
[email protected] neu ymwelwch â www.gwastan-gogcymru.org.uk.
For a free home fire safety check, please call 0808 100 2863, e-mail 
[email protected] or visit www.nwales-fireservice.org.uk.

-----Original Message-----
From: Ben Chamberlain
Sent: 16 November 2010 08:35
To: 'Matthew Grooms'; [email protected]
Subject: RE: FW: RE: [vpn-help] No DHCP Response from Gateway

Hi Matt,

Yes I've tried defining the network as 'Tunnel All', allow 
192.168.1.0/255.255.255.0 and allow 192.168.0.0/255.255.0.0 individually and 
none work for our primary Fortigate.

Interestingly all of the above work fine for our secondary Fortigate - please 
see my previous postings for the make/model/firmware of our primary/secondary 
Fortigates.

Can you think of anything that might be configured differently on our Primary 
Fortigate that would always cause a 'No DHCP Response from Gateway' on Shrew 
every time when the local subnet of the connecting client is 192.168.1.xxx?

Many thanks again,

Ben Chamberlain

-----Original Message-----
From: Matthew Grooms [mailto:[email protected]]
Sent: 16 November 2010 05:04
To: Ben Chamberlain
Subject: Re: FW: RE: [vpn-help] No DHCP Response from Gateway

On 11/12/2010 3:41 PM, Ben Chamberlain wrote:
Hi Matt,

I have been able to re-create this issue consistently.

The problem is with the local subnet.

If you have a local 192.168.0.xxx address, everything works fine -
however if you have a local 192.168.1.xxx address the symptoms are as
described.

What would cause this issue when all VPN traffic is tunnelled in
either case and virtual adaptors are used?

Any pointers would be most appreciated.

Regards,

Ben Chamberlain


Ben,

Do you have the 192.168.1.0/24 network defined in one of your policies?

-Matthew

_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help