Set up an mtr targeting the Palo Alto (UDP mode may be a good idea) and watch for routing issues and/or packet loss. In the first instance it sounds like a flaky connection or routing changes.
Try to disable any DoS detection/prevention mechanisms in the firmware of the Speedport, if there are any; they are mostly located near WAN-Setup.

hth

= = = http://michael-schuh.net/ = = =
Project Management - IT-Consulting - Professional Services IT
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
@: m i c h a e l . s c h u h @ g m a i l . c o m
= = = Ust-ID: DE251072318 = = =

2014-05-19 15:24 GMT+02:00 Peter Collins <[email protected]>:

> Hi,
>
> I have a pfsense behind a Telekom Speedport W921v which connects an IPSec
> VPN to a Palo Alto device which has been working fine for months.
>
> However last night traffic stopped for no apparent reason. The pfsense WAN
> address is a 192.168.2.0/24 provided by DHCP on the Speedport and there
> are no forwarding rules in place on the Speedport.
>
> The confusing part is the tunnel is showing as active on the Palo Alto and
> when rebooting the Speedport I see it connecting again, but no traffic is
> reaching the other end of the tunnel i.e. pings, telnet or rdp.
>
> I'm currently wondering if the Speedport has had some sort of update that
> requires us to forward UDP 500 / 4500 etc now but like I say it has been
> working fine for months until last night.
>
> Does anyone have any thoughts on it?
>
> Unfortunately switching the Speedport to modem mode isn't an option
> currently.
>
> Many thanks
>
> Peter.
>
> _______________________________________________
> List mailing list
> [email protected]
> https://lists.pfsense.org/mailman/listinfo/list
>
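One way to read the result of the mtr check suggested in the reply, as an added example that is not part of the original thread: it parses the text output of `mtr --report --udp <peer>` and separates loss that persists to the last hop from loss seen only at an intermediate router. The report below is constructed sample data; 192.168.2.1 stands in for the Speedport and 203.0.113.10 for the Palo Alto peer, and the function names are hypothetical.

```python
import re

# Constructed sample of `mtr --report --udp <peer>` output (not real data).
# Assumed addresses: 192.168.2.1 = Speedport, 203.0.113.10 = Palo Alto peer.
SAMPLE_REPORT = """\
Start: 2014-05-19T15:30:00+0200
HOST: pfsense                     Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.168.2.1                0.0%    50    0.6   0.7   0.5   1.9   0.2
  2.|-- 198.51.100.1              40.0%    50   18.2  19.0  17.1  30.4   2.8
  3.|-- 198.51.100.9               0.0%    50   21.4  22.0  20.3  35.0   3.1
  4.|-- 198.51.100.33             10.0%    50   23.0  24.1  22.2  48.9   4.0
  5.|-- 203.0.113.10              12.0%    50   25.1  26.3  24.0  61.7   6.4
"""

# Hop number, host, loss percentage (the % sign may be absent), sent count.
HOP_RE = re.compile(r"^\s*(\d+)\.\|--\s+(\S+)\s+([\d.]+)%?\s+(\d+)")

def parse_report(text):
    """Return [(hop_no, host, loss_percent), ...] from an mtr text report."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2), float(m.group(3))))
    return hops

def assess(hops, threshold=1.0):
    """Split lossy hops into loss that reaches the peer and loss that does not.

    Loss at a hop that is followed by a clean hop usually means that router
    rate-limits its own replies. Loss that continues through the last hop is
    what traffic to the peer actually experiences.
    """
    onset = None
    for hop_no, _host, loss in reversed(hops):
        if loss < threshold:
            break
        onset = hop_no  # earliest hop of the lossy run ending at the peer
    reply_limited = [n for n, _h, loss in hops
                     if loss >= threshold and (onset is None or n < onset)]
    return {"final_loss": hops[-1][2] if hops else None,
            "onset_hop": onset,
            "reply_limited_hops": reply_limited}

if __name__ == "__main__":
    print(assess(parse_report(SAMPLE_REPORT)))
```

An `onset_hop` of 1 would point at the Speedport itself, while a later onset points at the path beyond it.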
