[EMAIL PROTECTED] wrote:
...
> All branches have VPN tunnels back to central location and the firewall rules
> have a pass quick over the VPN tunnels
>
> On the main location I have a
>
> pass quick log inet from <staffsegments> to <exchangeservers> keep state
>
> I also have a
>
> pass quick log inet from <exchangeservers> to <staffsegments> keep state
...
>
> I have looked over the tcpdumps and I didn't see any blocks
>
> From within the same location on the Staffsegment off of this same firewall it
> works fine. I would be using the same rules as the remote branches so it makes
> me think it's something with the tunnels but not really sure at this point
>
> Any direction would be great.. For now, I had to back out and put junkpoint, I
> mean checkpoint in place.

Are you logging all blocks (at both locations)? Is traffic leaving the VPN from the remote location through the VPN to the exchange server (as viewed with tcpdump)? Do you have any idea where traffic is being blocked/stopped?

Can you ping the exchange servers from the staff segment? Is name resolution working (DNS/WINS) for staff segment? Try "ping exchange" and "nbtstat -a exchange" or whatever the exchange server is called.

You might wish to post your sanitized pf.conf and isakmpd.conf.

Also, I'm not sure what "From within the same location on the Staffsegment off of this same firewall it works fine." means. But that could be just me.

-Steve S.