
Outgoing SSL VPN connection dropping

UTM 9.702-1

A new customer provided an outgoing SSL VPN connection for our company to connect to theirs. The connection goes out through the UTM. We can establish the connection but after 4 or 5 minutes the connection is dropped. Examining the tcpdump, it seems our client, behind the UTM, is sending TCP resets. If we are outside the UTM, i.e. at home, there is no problem and the connection stays up. The problem appears to be going out the UTM. Any ideas appreciated.



This thread was automatically locked due to age.
  • FormerMember

    Hi  

    Thank you for reaching out to the community!

    When you say the connection outside the UTM works fine, did you mean you connect to that internal host via a DNAT rule?

    Is it a site-to-site SSL VPN or a remote access SSL VPN that you are experiencing the issue with? If the client behind the UTM is sending reset packets, I would advise investigating the reason why it resets the connection.

    Thanks,

  • Scenario A - I'm at my office connecting to my customer's SSL VPN (outgoing), communication goes through the UTM; result: the connection drops after 4-5 minutes.

    Scenario B - I'm at home connecting to my customer's SSL VPN (outgoing), communication goes through the ISP's router; result: the connection stays up, no problems.

    This is not a site-to-site VPN. I go to a webpage and log in and an SSL connection is established and subsequently an RDP connection is tunneled through it.

  • Hi Brian and welcome to the UTM Community!

    TCP resets are not uncommon.  What do you learn from doing #1 in Rulz (last updated 2019-04-17)?

    If you're not the administrator of the UTM, it will be difficult to help you.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I made an exception in Intrusion Prevention for the website. Also I don't see anything in the Intrusion Prevention or Application Control logs.  Advanced Threat Protection is zero.

    I see entries like this in the firewall log but they don't coincide with the connection loss, they come before:

    2020:05:29-13:33:36 utm ulogd[23981]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="00:15:5d:0c:62:35" srcip="xx.xx.xx.xx" dstip="192.168.12.188" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="1252" tcpflags="RST"
    2020:05:29-13:33:36 utm ulogd[23981]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="00:15:5d:0c:62:35" srcip="xx.xx.xx.xx" dstip="192.168.12.188" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="1252" tcpflags="RST"
    2020:05:29-13:33:36 utm ulogd[23981]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="00:15:5d:0c:62:35" srcip="xx.xx.xx.xx" dstip="192.168.12.188" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="1252" tcpflags="RST"
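
An added example, not part of the original thread or of any Sophos tooling: a small Python parser for packetfilter log lines in the format quoted above. It groups dropped packets by flow and TCP flags and reports how many seconds before a given disconnect time the last drop of a flow was logged, which makes the "they come before" observation measurable. The sample lines, the source address (documentation range) and the disconnect time are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the log format quoted in the thread (not real data;
# the source address is taken from a documentation range).
_REST = ('utm ulogd[23981]: id="2001" severity="info" sys="SecureNet" '
         'sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" '
         'outitf="eth0" srcip="203.0.113.10" dstip="192.168.12.188" proto="6" ')
SAMPLE_LOG = "\n".join(
    ['2020:05:29-13:33:36 ' + _REST + 'srcport="443" dstport="1252" tcpflags="RST"'] * 3
    + ['2020:05:29-13:33:41 ' + _REST + 'srcport="443" dstport="1260" tcpflags="ACK FIN"',
       'truncated or unrelated line that must be skipped'])

LINE_RE = re.compile(r'^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) \S+ \S+: (.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return the key="value" fields of one log line plus a parsed 'time', or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = dict(KV_RE.findall(m.group(2)))
    rec["time"] = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
    return rec

def summarize_drops(text):
    """Group dropped packets by (srcip, srcport, dstip, dstport, tcpflags, fwrule)."""
    flows = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in text.splitlines():
        rec = parse_line(line)
        if not rec or rec.get("sub") != "packetfilter" or rec.get("action") != "drop":
            continue
        key = tuple(rec.get(k, "") for k in
                    ("srcip", "srcport", "dstip", "dstport", "tcpflags", "fwrule"))
        flow = flows[key]
        flow["count"] += 1
        flow["first"] = min(flow["first"] or rec["time"], rec["time"])
        flow["last"] = max(flow["last"] or rec["time"], rec["time"])
    return dict(flows)

def gap_to_event(flow, event_time):
    """Seconds from the flow's last logged drop to event_time (positive: drop came first)."""
    return (event_time - flow["last"]).total_seconds()

if __name__ == "__main__":
    disconnect = datetime(2020, 5, 29, 13, 37, 50)  # constructed disconnect time
    for key, flow in summarize_drops(SAMPLE_LOG).items():
        print(key, flow["count"], "drops,", gap_to_event(flow, disconnect), "s before disconnect")
```

Feeding it the real firewall log and the disconnect timestamp from the client or tcpdump shows whether any dropped flow lines up with the session that fails.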
