Can't connect to IPSEC VPN from my laptop through XG (v18 EAP3) firewall

Hello all,

I have recently upgraded my home firewall to v18 EAP3 and since then, I can no longer connect to my work's VPN from my work laptop. My work (sadly) uses SonicWall Global VPN client (UDP500) and I've created a rule specific to the static LAN IP of my company laptop.

A packet capture shows my laptop attempting to connect to the remote host on the LAN interface but not forwarding through to the internet. Ironically, if I try to access the same IP via HTTPS, it forwards right through.

Has anyone else had any issues with v18 EAP3 not forwarding outbound UDP port 500?

Thanks all!

  • I tried it on my XG running EAP3 refresh 1, and I am seeing pkts getting forwarded.

    08:28:40.813704 Port1, IN: IP 172.16.17.21.53630 > 10.8.9.28.500: isakmp: phase 1 I agg
    08:28:40.813789 LW_Br, IN: IP 172.16.17.21.53630 > 10.8.9.28.500: isakmp: phase 1 I agg
    08:28:40.814219 Port2_ppp, OUT: IP 10.254.238.194.53630 > 10.8.9.28.500: isakmp: phase 1 ? agg

    08:28:41.307615 Port1, IN: IP 172.16.17.21.53630 > 10.8.9.28.500: isakmp: phase 1 I agg
    08:28:41.307637 LW_Br, IN: IP 172.16.17.21.53630 > 10.8.9.28.500: isakmp: phase 1 I agg
    08:28:41.308130 Port2_ppp, OUT: IP 10.254.238.194.53630 > 10.8.9.28.500: isakmp: phase 1 ? agg

    proto=udp proto-no=17 timeout=9 orig-src=172.16.17.21 orig-dst=10.8.9.28 orig-sport=53630 orig-dport=500 packets=3 bytes=168 [UNREPLIED] reply-src=10.8.9.28 reply-dst=10.254.238.194 reply-sport=500 reply-dport=53630 packets=0 bytes=0 mark=0x8001 use=1 id=1637124608 masterid=0 devin=Port1 devout=Port2_ppp nseid=0 ips=1 sslvpnid=0 webfltid=1 appfltid=1 icapid=0 policytype=1 fwid=2 natid=2 fw_action=1 bwid=0 appid=0 appcatid=0 hbappid=0 hbappcatid=0 dpioffload=0 inzone=1 outzone=2 devinindex=5 devoutindex=33 hb_src=0 hb_dst=0 flags0=0x800a0802200008 flags1=0x10020800000 flagvalues=3,21,25,35,41,43,55,87,93,104 catid=0 user=6 luserid=3 usergp=2 hotspotuserid=0 hotspotid=0 dst_mac=7c:5a:1c:84:8c:b6 src_mac=38:f9:d3:83:c5:9c startstamp=1579575520 microflow[0]=INVALID microflow[1]=INVALID hostrev[0]=0 hostrev[1]=0 ipspid=0 diffserv=0 loindex=33 tlsruleid=0 ips_nfqueue=2 sess_verdict=0 gwoff=0 cluster_node=0 current_state[0]=31 current_state[1]=0 vlan_id=0 inmark=0x0 brinindex=30 sessionid=162 sessionidrev=25625 session_update_rev=0 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir0=0 pbrid_dir1=0 nhop_id[0]=65535 nhop_id[1]=65535 nhop_rev[0]=0 nhop_rev[1]=0 conn_fp_id=NOT_OFFLOADED

    I am using Sophos Connect as Client.

    In case this doesn't fix the issue for you, we may have to get it investigated.

    Regards,

    Alok

  • Tried the same with the Cisco AnyConnect client and I am still seeing packets getting forwarded as expected.

    23:11:08.005747 wlnet1, IN: IP 172.16.17.21.500 > 10.8.9.28.500: isakmp: phase 1 I agg
    23:11:08.005801 LW_Br, IN: IP 172.16.17.21.500 > 10.8.9.28.500: isakmp: phase 1 I agg
    23:11:08.006185 Port2_ppp, OUT: IP 10.254.238.194.500 > 10.8.9.28.500: isakmp: phase 1 ? agg

    23:11:11.208774 wlnet1, IN: IP 172.16.17.21.500 > 10.8.9.28.500: isakmp: phase 1 I agg
    23:11:11.208782 LW_Br, IN: IP 172.16.17.21.500 > 10.8.9.28.500: isakmp: phase 1 I agg
    23:11:11.208901 Port2_ppp, OUT: IP 10.254.238.194.500 > 10.8.9.28.500: isakmp: phase 1 ? agg

    -Alok
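Added example, not code from the thread or from Sophos: a small Python helper that parses XG console capture lines in the shape Alok posted, groups packets per flow so the same ISAKMP session is matched before and after source NAT, and reports flows seen IN on an interface but never OUT on another, which is the symptom the original post describes. It also checks a conntrack entry for the `[UNREPLIED]` state. The forwarded sample lines are taken from the first reply; the unforwarded flow and the conntrack entry are constructed for the demo.

```python
import re
from collections import defaultdict

# Shape of the XG console packet-capture lines quoted in this thread.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<iface>\S+), (?P<dir>IN|OUT): IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<proto>\S+)"
)

# First six lines are from the thread; the last two are constructed to mimic
# the OP's symptom (seen on the LAN interface, never leaving on the WAN).
SAMPLE = """\
08:28:40.813704 Port1, IN: IP 172.16.17.21.53630 > 10.8.9.28.500: isakmp: phase 1 I agg
08:28:40.813789 LW_Br, IN: IP 172.16.17.21.53630 > 10.8.9.28.500: isakmp: phase 1 I agg
08:28:40.814219 Port2_ppp, OUT: IP 10.254.238.194.53630 > 10.8.9.28.500: isakmp: phase 1 ? agg
08:28:41.307615 Port1, IN: IP 172.16.17.21.53630 > 10.8.9.28.500: isakmp: phase 1 I agg
08:28:41.307637 LW_Br, IN: IP 172.16.17.21.53630 > 10.8.9.28.500: isakmp: phase 1 I agg
08:28:41.308130 Port2_ppp, OUT: IP 10.254.238.194.53630 > 10.8.9.28.500: isakmp: phase 1 ? agg
08:30:00.000000 Port1, IN: IP 192.0.2.10.51000 > 198.51.100.5.500: isakmp: phase 1 I agg
08:30:01.000000 Port1, IN: IP 192.0.2.10.51000 > 198.51.100.5.500: isakmp: phase 1 I agg
"""

# Constructed conntrack entry in the key=value shape shown in the thread.
CONNTRACK = ("proto=udp proto-no=17 orig-src=172.16.17.21 orig-dst=10.8.9.28 "
             "orig-sport=53630 orig-dport=500 packets=3 bytes=168 [UNREPLIED] "
             "reply-src=10.8.9.28 reply-dst=10.254.238.194 reply-sport=500 "
             "reply-dport=53630 packets=0 bytes=0")

def parse_capture(text):
    """Yield one dict per parsable capture line; other lines are ignored."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def flow_summary(text):
    """Key flows by (client source port, destination) so SNAT on the WAN side
    does not split one session into two; record interfaces per direction."""
    flows = defaultdict(lambda: {"IN": set(), "OUT": set(), "packets": 0})
    for pkt in parse_capture(text):
        key = (pkt["sport"], pkt["dst"], pkt["dport"])
        flows[key][pkt["dir"]].add(pkt["iface"])
        flows[key]["packets"] += 1
    return dict(flows)

def not_forwarded(text):
    """Flows that arrived (IN) but were never sent out (OUT): the OP's symptom."""
    return [k for k, v in flow_summary(text).items() if v["IN"] and not v["OUT"]]

def conntrack_unreplied(entry):
    """True when the entry is flagged [UNREPLIED] and the reply side counts 0 packets,
    i.e. the firewall did forward the request but nothing ever came back."""
    orig, _, reply = entry.partition("reply-src=")
    reply_pkts = re.search(r"packets=(\d+)", reply)
    return "[UNREPLIED]" in orig and reply_pkts is not None and reply_pkts.group(1) == "0"
```

Paste the output of the XG console capture into `SAMPLE` and anything listed by `not_forwarded()` is a flow that was dropped or never routed inside the firewall, while a flow that reaches `OUT` but shows `[UNREPLIED]` in conntrack points at the far end or the path beyond the WAN instead.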