
HTTPS Timeout

Hi everybody!

We bought two XGS2100 (SFOS 19.5.2 MR-2-Build624) routers to replace our two old MikroTiks.

One router is at our main site where everything connects to the network (NAT & ISP is here), and the other router is at the other site, which is connected by a wireless data link (no own ISP). All traffic from the second site is routed to the main router and gets NATed there.

Our problem is that from the main site everything works fine, but from the second site only one subdomain runs into a timeout.

Main site:

  • domain.com
    1. HTTPS works (opening in browser)
    2. telnet works
    3. tcptrace works (tcp trace to domain.com:443)
    4. PING probably denied, but name resolution works
  • sub.domain.com
    1. HTTPS works
    2. telnet works
    3. tcptrace works
    4. PING probably denied, but name resolution works

Second site:

  • domain.com
    1. HTTPS works
    2. telnet works
    3. tcptrace works
    4. PING probably denied, but name resolution works
  • sub.domain.com
    1. HTTPS times out
    2. telnet works
    3. tcptrace works
    4. PING probably denied, but name resolution works


I'm not sure why it is not loading the site, because telnet connects to port 443 immediately, and the trace is going in the same direction.

Web filtering is turned off completely.

The same connection was working with the MikroTiks and the firewall seems to be the same. Also, Sophos's Policy Tester says that the connection should work.

In the log viewer I can see a lot of invalid traffic from the client to the server's IP ("Could not associate packet to any connection").
I have no idea why, but the invalid traffic goes to the main router (I can see the same messages in the logs there as well) and the reply gets back to the client, because telnet and TCP trace work. So I have no idea why it is invalid.

What should I check?
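
Added example (not part of the original post or of Sophos' tooling): a small Python probe that separates the TCP three-way handshake from the TLS handshake, which is exactly the distinction the post draws between "telnet works" and "HTTPS times out". The silent listener is constructed here to stand in for a path on which the server's TLS reply never makes it back; the hostname and port you probe are whatever you pass in.

```python
"""Stage-by-stage HTTPS probe. A TCP connect that succeeds while the TLS
handshake times out points at the return path (e.g. asymmetric routing
that the stateful firewall cannot associate with a connection) or MTU,
not at DNS or at the listening service itself."""
import socket
import ssl
import sys
import threading


def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Return {'tcp': ..., 'tls': ...}, each 'ok', 'timeout', 'refused' or 'error'."""
    result = {"tcp": None, "tls": None}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        result["tcp"] = "timeout"        # SYN sent, no SYN/ACK came back
        return result
    except ConnectionRefusedError:
        result["tcp"] = "refused"        # RST: nothing listening or blocked with reject
        return result
    except OSError:
        result["tcp"] = "error"          # e.g. name resolution or no route
        return result
    result["tcp"] = "ok"                 # this is all that "telnet works" proves
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            result["tls"] = "ok"
            result["version"] = tls.version()
    except socket.timeout:
        result["tls"] = "timeout"        # ClientHello sent, ServerHello never arrived
    except ssl.SSLError:
        result["tls"] = "error"          # handshake answered but failed (cert, protocol)
    finally:
        sock.close()
    return result


def start_silent_listener() -> int:
    """Constructed test peer: accepts TCP connections and reads the ClientHello
    but never answers, reproducing the 'telnet ok, HTTPS hangs' symptom locally."""
    held = []                            # keep accepted sockets open so no RST is sent
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            conn.recv(4096)
            held.append(conn)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(probe(target, int(sys.argv[2]) if len(sys.argv) > 2 else 443))
```

Run it from a client at each site against the same hostname; a result of `tcp: ok, tls: timeout` at one site only is the pattern described in the post.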
