[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Connectivity to Brazil

Thanks for the response.  

Ike had worked great up until Monday.  The provider did a local test and our box saw the Ike packets so it appears to lie somewhere upstream.  (GLBX may be a good guess)

Also - the paths are stable and we are sourcing from the same ip - very strange behaivor.    Hope someone from GLBX or CTBC (or someone who had experienced an issue like this) can assist

Thanks to all for their feedback so far.   


On Feb 1, 2011, at 3:19 PM, Valdis.Kletnieks at vt.edu wrote:

> On Tue, 01 Feb 2011 08:54:47 EST, Steve Danelli said:
>> Some carrier, somewhere between us and the service provider is selectively
>> dropping the IKE packets originating from our VPN gateway and destined for
>> our Brazil gateway. Other traffic is able to pass, as are the IKE packets coming
>> back from Brazil to us. This is effectively preventing us from establishing
>> the IPSEC tunnel between our gateways.
> Has IKE been known to work to that location before? Or is this something new?
> My first guess is some chucklehead banana-eater at the service provider either
> fat-fingered the firewall config, or semi-intentionally blocked it because it
> was "traffic on a protocol/port number they didn't understand so it must be
> evil".
>> Also something else is awry, for two given hosts on the same subnet (x.y.z.52
>> and x.y.z.53), they take two wildly divergent paths:
>> Anyone have any insight on to what may be occurring?
> The paths appear to diverge at  I wonder if that's gear trying
> to do some load-balancing across 2 paths, and it's using the source IP as a
> major part of the selector function ("route to round-robin interface source-IP
> mod N" or similar?).
> The other possibility is your two traceroutes happened to catch a routing flap in
> progress (obviously not the case if the two routes are remaining stable).
> Sorry I can't be more helpful than that...