I have a problem where one of my clients is trying to establish an IP-in-IP tunnel using a Linux service. One of his servers is sitting in my network behind a PIX 515E running OS 7.0(4) and the other is sitting in another data center.
He is claiming that my firewall is blocking his configuration and he had that scenario running with other ISPs.
He said that my firewall is "scrambling" the TCP sequence numbers, so I went and changed his static NAT statements
to include a "norandomise" option but he said it is still the same.
The problem is that I don't know anything about the service that he is running. I have opened everything in and out for him, but he is claiming that it is still not working.
Any ideas about this tunneling service, what should I do assuming that the PIX is the problem?
Re: IP-in-IP Tunnelling through PIX-515E OS 7.0(4)
Most of my experience with someone tunneling inside a VPN tunnel has not been with the TCP randomizing, which shouldn't be happening through the VPN tunnel. It usually has to do with the MTU sizes of their secondary tunnel not being set right.
But if he can provide you with some packet captures from both sides of the traffic we could help look into it.
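
One way to check both points raised in this thread against the packet captures the reply asks for (an added example, not part of either post; the packet builders, addresses, ports and the 1500-byte path MTU are constructed assumptions). It reports whether a packet is IP-in-IP (IP protocol 4, which adds a 20-byte outer header), whether it exceeds the path MTU, and whether the TCP sequence number differs between the two capture points.

```python
import struct

IPPROTO_IPIP, IPPROTO_TCP = 4, 6  # IANA protocol numbers; 4 = IP-in-IP (RFC 2003)

def build_ipv4(proto, payload, df=True):
    """Constructed test packet: 20-byte header, checksum left at 0, documentation addresses."""
    flags = 0x4000 if df else 0
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, flags, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + payload

def build_tcp(seq, data=b""):
    """Constructed 20-byte TCP header (ports 40000 -> 80, ACK flag) plus data."""
    return struct.pack("!HHIIBBHHH", 40000, 80, seq, 0, 5 << 4, 0x10, 65535, 0, 0) + data

def parse_ipv4(buf):
    """Return (proto, total_len, df, payload) for one raw IPv4 packet."""
    ver_ihl, _tos, total_len, _id, frag, _ttl, proto = struct.unpack("!BBHHHBB", buf[:10])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return proto, total_len, bool(frag & 0x4000), buf[(ver_ihl & 0x0F) * 4:total_len]

def inspect(packet, path_mtu=1500):
    """Summarise one captured packet: IP-in-IP or not, MTU fit, DF bit, TCP sequence number."""
    proto, total_len, df, payload = parse_ipv4(packet)
    info = {"ipip": proto == IPPROTO_IPIP, "outer_len": total_len,
            "exceeds_mtu": total_len > path_mtu, "df": df, "tcp_seq": None}
    if info["ipip"]:
        proto, _len, _df, payload = parse_ipv4(payload)  # step into the inner packet
    if proto == IPPROTO_TCP and len(payload) >= 8:
        info["tcp_seq"] = struct.unpack("!HHI", payload[:8])[2]
    return info

def seq_rewritten(pkt_side_a, pkt_side_b):
    """True if the same packet, captured on each side of the firewall, shows different TCP seqs."""
    return inspect(pkt_side_a)["tcp_seq"] != inspect(pkt_side_b)["tcp_seq"]

# Constructed sample: a full-size 1500-byte inner packet wrapped in a 20-byte outer header.
INNER = build_ipv4(IPPROTO_TCP, build_tcp(seq=1000, data=b"x" * 1460))
TUNNELLED = build_ipv4(IPPROTO_IPIP, INNER)

if __name__ == "__main__":
    print(inspect(TUNNELLED))
```

With real captures, feed `inspect` the raw IPv4 bytes of each frame (link-layer header stripped) from both capture points.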