XTM 515 12.1.3up3 to M370 12.4.1 VPN not passing traffic

We upgraded from a XTM 515 12.1.3up3 to a M370 12.4.1.
I copied the configuration file over and made my SD-WAN changes and Interface changes as needed.

Everything seems to be work except our VPN tunnel. Our VPN tunnel only gets used to print documents from our cloud server( located in another state).
We use a DMS (Dealer Management System) who hosts our (their) software offsite and we only use the VPN for our printers.

I worked with the DMS tech's and double checked our VPN settings, they couldn't seem to see our network, they could see and ping our Trusted Network IP but couldn't get any further to access the printers.

I saw what appeared good traffic from their server IP to the IP's of our printers but it still was not printing any documents.
All "green" Allowed, nothing getting blocked.

OK, after too much time, I switched back to our Old XTM 515 (just moved our cables) and the print jobs started printed without any further help.

Are there more VPN settings or any different settings in the M370 or FSM 12.4.1 I should be aware of I missed?

Sorry but I'm not sure what they are using at their end for equipment/vpn.

Here is what they were seeing on their end:

With M370
$ nmap -sP 10.249.115.0/24
Starting Nmap 6.40 ( http://nmap.org ) at 2020-10-19 11:06 EDT
Nmap scan report for 10.249.115.43
Host is up (0.055s latency).
Nmap done: 256 IP addresses (1 host up) scanned in 8.66 seconds
$

Back to the XTM 515
$ nmap -sP 10.249.115.0/24
Starting Nmap 6.40 ( http://nmap.org ) at 2020-10-19 11:35 EDT
Nmap scan report for 10.249.115.6
Host is up (0.044s latency).
Nmap scan report for 10.249.115.12
Host is up (0.042s latency).
Nmap scan report for 10.249.115.14
Host is up (0.045s latency).
Nmap scan report for 10.249.115.20
Host is up (0.043s latency).
Nmap scan report for 10.249.115.21
Host is up (0.044s latency).
Nmap scan report for 10.249.115.22
Host is up (0.040s latency).
Nmap scan report for 10.249.115.23
Host is up (0.042s latency).
Nmap scan report for 10.249.115.24
Host is up (0.043s latency).
Nmap scan report for 10.249.115.26
Host is up (0.040s latency).
Nmap scan report for 10.249.115.27
Host is up (0.044s latency).
Nmap scan report for 10.249.115.28
Host is up (0.047s latency).
Nmap scan report for 10.249.115.29
Host is up (0.047s latency).
Nmap scan report for 10.249.115.30
Host is up (0.042s latency).
Nmap scan report for 10.249.115.31
Host is up (0.040s latency).
Nmap scan report for 10.249.115.32
Host is up (0.053s latency).
Nmap scan report for 10.249.115.33
Host is up (0.073s latency).
Nmap scan report for 10.249.115.35
Host is up (0.043s latency).
Nmap scan report for 10.249.115.43
Host is up (0.046s latency).
Nmap scan report for 10.249.115.78
Host is up (0.045s latency).
Nmap scan report for 10.249.115.82
Host is up (0.046s latency).
Nmap scan report for 10.249.115.86
Host is up (0.043s latency).
Nmap scan report for 10.249.115.88
Host is up (0.045s latency).
Nmap scan report for 10.249.115.95
Host is up (0.041s latency).
Nmap scan report for 10.249.115.102
Host is up (0.041s latency).
Nmap scan report for 10.249.115.105
Host is up (0.043s latency).
Nmap scan report for 10.249.115.111
Host is up (0.047s latency).
Nmap scan report for 10.249.115.127
Host is up (0.050s latency).
Nmap scan report for 10.249.115.128
Host is up (0.041s latency).
Nmap scan report for 10.249.115.129
Host is up (0.042s latency).
Nmap scan report for 10.249.115.130
Host is up (0.041s latency).
Nmap scan report for 10.249.115.134
Host is up (0.046s latency).
Nmap scan report for 10.249.115.148
Host is up (0.040s latency).
Nmap scan report for 10.249.115.150
Host is up (0.047s latency).
Nmap scan report for 10.249.115.152
Host is up (0.044s latency).
Nmap scan report for 10.249.115.160
Host is up (0.043s latency).
Nmap scan report for 10.249.115.168
Host is up (0.043s latency).
Nmap scan report for 10.249.115.175
Host is up (0.042s latency).
Nmap scan report for 10.249.115.187
Host is up (0.049s latency).
Nmap scan report for 10.249.115.188
Host is up (0.048s latency).
Nmap scan report for 10.249.115.191
Host is up (0.045s latency).
Nmap scan report for 10.249.115.195
Host is up (0.047s latency).
Nmap scan report for 10.249.115.249
Host is up (0.043s latency).
Nmap scan report for 10.249.115.251
Host is up (0.041s latency).
Nmap done: 256 IP addresses (43 hosts up) scanned in 6.54 seconds
$

This is when everything started printing again.

Here's some logs from the M370 that I sent over to them;

But so far nothing is printing.

2020-10-19 10:53:49 Allow xxx.xxx.xxx.xxx 10.249.115.32 9100/tcp 65101 9100 LV Tunnel 0-Windstream-0 Allowed 60 60 (DealerTrack-in-00) proc_id="firewall" rc="100" msg_id="3000-0148" tcp_info="offset 10 S 2855083307 win 65535" route_type="SD-WAN" geo_src="USA" Traffic

2020-10-19 10:53:52 Allow xxx.xxx.xxx.xxx 10.249.115.27 9100/tcp 23397 9100 LV Tunnel 0-Windstream-0 Allowed 60 60 (DealerTrack-in-00) proc_id="firewall" rc="100" msg_id="3000-0148" tcp_info="offset 10 S 3388960370 win 65535" route_type="SD-WAN" geo_src="USA" Traffic

2020-10-19 10:53:53 Allow xxx.xxx.xxx.xxx 10.249.115.26 9100/tcp 39015 9100 LV Tunnel 0-Windstream-0 Allowed 60 60 (DealerTrack-in-00) proc_id="firewall" rc="100" msg_id="3000-0148" tcp_info="offset 10 S 2833466727 win 65535" route_type="SD-WAN" geo_src="USA" Traffic

2020-10-19 10:53:54 Allow xxx.xxx.xxx.xxx 10.249.115.27 9100/tcp 23397 9100 LV Tunnel 0-Windstream-0 Allowed 60 60 (DealerTrack-in-00) proc_id="firewall" rc="100" msg_id="3000-0148" tcp_info="offset 10 S 3388960370 win 65535" route_type="SD-WAN" geo_src="USA" Traffic

2020-10-19 10:53:59 Allow xxx.xxx.xxx.xxx 10.249.115.22 9100/tcp 32860 9100 LV Tunnel 0-Windstream-0 Allowed 60 60 (DealerTrack-in-00) proc_id="firewall" rc="100" msg_id="3000-0148" tcp_info="offset 10 S 3826061150 win 65535" route_type="SD-WAN" geo_src="USA" Traffic

2020-10-19 10:54:01 Allow xxx.xxx.xxx.xxx 10.249.115.27 9100/tcp 23397 9100 LV Tunnel 0-Windstream-0 Allowed 60 60 (DealerTrack-in-00) proc_id="firewall" rc="100" msg_id="3000-0148" tcp_info="offset 10 S 3388960370 win 65535" route_type="SD-WAN" geo_src="USA" Traffic

Comments

  • edited October 2020

    Make sure that you do not have any SD-WAN settings on incoming policies.

    Otherwise, open a support incident on this.

  • Ah!
    My BOVPN's didn't have any but I have two other tunnels for DT (in and out) they were pointed at my Fiber SD-WAN connection.

    I'll have to wait until later to switch back over.

    I'll let you know if that was the culprit.

    Thanks Bruce.

  • Thank you Bruce!!

    (DealerTrack-in-00) route_type="SD-WAN"
    removed the SD-WAN from that 'in' vpn and all is good.

    brad

Sign In to comment.