D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: ctty on May 05, 2010, 01:00:22 AM

Title: Dlink DFL-260 (IPSec) one way work
Post by: ctty on May 05, 2010, 01:00:22 AM

2 Dlink DFL-260
identically configured: Rule, IP Settings, Routibng Tables, Interface.
Both DFL-210 have - ping and tracert

BUT!
This net one way work. net http://imglink.ru/show-image.php?id=2022fa6c771de54322cdb69d64ee24fb

now DynDns 78.3x.226.184

Tunnel work from А to В(I see share folder), but no A to B(I see no share folder)

Rules
# Name Action Src If Src Net Dest If Dest Net Service
1 ping_fw Allow any all-nets lan all-nets ping-inbound
2 lan_to_wan (default)
3 ipsec-rule (scenario)

Routing table
# Type Interface Network Gateway Local IP address Metric Monitor this route Comments
1 Route office-mail fwB-remotenet 90 No Direct route for network fwB-remotenet over interface office-mail.
2 Route wan wannet 100 No Direct route for network wannet over interface wan.
3 Route wan all-nets wan_gw 100 No Default route over interface wan.
4 Route dmz dmznet 100 No Direct route for network dmznet over interface dmz.
5 Route lan lannet 100 No Direct route for network lannet over interface lan.

Status Connecion
State Proto Source Destination Timeout
TCP_OPEN TCP lan:192.168.0.45:2471 wan:109.184.87.11:5938 247856
TCP_OPEN TCP lan:192.168.0.45:2509 wan:91.77.123.111:5938 250519

Side В
Flags Network Interface Gateway Local IP Metric
255.255.255.248 wan 100
192.168.100.0/24 fw-ipsec 90
172.17.100.0/24 dmz 100
192.168.0.0/24 lan 100
0.0.0.0/0 wan 81.9.67.xx 100

Side А
Flags Network Interface Gateway Local IP Metric
255.255.255.251 wan 100
192.168.0.0/24 fw-ipsec 90
172.17.100.0/24 dmz 100
192.168.100.0/24 lan 100
0.0.0.0/0 szt 70
0.0.0.0/0 wan 78.36.224.xx 100

Title: Re: Dlink DFL-260 (IPSec) one way work
Post by: Fatman on May 05, 2010, 08:26:07 AM

Disable automatic route creation for the WAN interface on side A and set the WAN_IP, WAN_Net, and WAN_GW to 0.0.0.0.

Set your szt metric to 150.

Title: Re: Dlink DFL-260 (IPSec) one way work
Post by: ctty on May 06, 2010, 02:45:47 AM

Thank you very much for your reply.
I do that, but result 0

 Flags       Network       Interface       Gateway       Local IP       Metric     
     192.168.0.0/24   fw-ipsec         90
     172.17.100.0/24   dmz         100
     192.168.100.0/24   lan         100
     0.0.0.0/0   szt         150

WAN_IP, WAN_Net, WAN_GW - 0.0.0.0
automatic route for the WAN - off

Title: Re: Dlink DFL-260 (IPSec) one way work
Post by: Fatman on May 06, 2010, 08:06:54 AM

Then we either need to find some interesting log entries or we are about to enter into the land of PM me and I will look at your configs/live units.

Title: Re: Dlink DFL-260 (IPSec) one way work
Post by: ctty on May 07, 2010, 07:18:01 AM

2 Fatman.
I drop info in private message.

Title: Re: Dlink DFL-260 (IPSec) one way work
Post by: ctty on May 12, 2010, 01:03:40 AM

IT WORK! :D

THX

Title: Re: Dlink DFL-260 (IPSec) one way work
Post by: danilovav on May 13, 2010, 01:12:33 AM

And... what's the reason?

Title: Re: Dlink DFL-260 (IPSec) one way work
Post by: ioccy on July 14, 2010, 09:48:31 AM

Hello! The same problem here. Let us know what the solution is, plz!

Title: Re: Dlink DFL-260 (IPSec) one way work
Post by: danilovav on July 14, 2010, 08:19:57 PM

Hahaha. Funny practice, to ask the same question in all regional forums :D

Likely, such problems related with client software. For example, some antiviruses have their own packet filter and you need to add remote network into private list. Start ping (with -t option) and check on both DFLs in Status > Connections - if you see your ICMP connection, it means problem is not with DFL.