santtu

@elisa-laajakaista.fi

SPI:0x0 SEQ:0x0 No rule found, Dropping packet

Hi guys,

We have an IPSec VPN tunnel between two offices; the remote office has a ZW5 and our office a new USG-100. Our office does not have any servers etc. and we are using the resources of the remote office (AD, file server, DNS). I am wondering what kind of rule is missing, because we get constant errors in the USG-100 logs:

error IPSec SPI:0x0 SEQ:0x0 No rule found, Dropping packet 10.22.19.1:33496 10.22.15.10:53 IPsec

10.22.19.1 is the USG-100 LAN address, and 10.22.15.10 is the DNS server of the remote office. It looks like the USG-100 is blocking all DNS queries to the remote office when the query originates from the USG-100 itself. However, DNS works when queries originate from our computers in the LAN.

We have a policy route definition:

lan1 LAN1_SUBNET RemoteLAN_SUBNET any RemoteNetwork none

and when I tried to create a similar policy route, replacing the incoming interface lan1 with "Zywall", that did not help.

Any ideas or tips?

Thanks,

Santtu

Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON

Re: SPI:0x0 SEQ:0x0 No rule found, Dropping packet

It depends on how your routes are set up on the USG.
Post a screenshot.

santtu

@elisa-laajakaista.fi

Re: SPI:0x0 SEQ:0x0 No rule found, Dropping packet

Thanks Brano for your answer.

The only policy routes (in addition to USG default WAN TRUNK routes) we have added are:
(fields: Incoming, Source, Destination, Service, Next-hop, Snat)
lan1 LAN1_SUBNET RemoteLAN_SUBNET  any RemoteNetwork  none
lan1 LAN1_SUBNET Remote2LAN_SUBNET any Remote2Network none


Address definitions are:
LAN1_SUBNET       INTERFACE SUBNET lan1-10.22.19.0/24
RemoteLAN_SUBNET  SUBNET           10.22.15.0/24
Remote2LAN_SUBNET SUBNET           10.22.10.0/24


Should I make another rule for "Zywall to remote lan"? Looks like LAN1_SUBNET is only for packets coming into Zywall LAN interface, but not from Zywall itself?

BR,

Santtu
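
A triage sketch for the log entry and route table posted in this thread, added here as an example and not part of any post or of ZyXEL's tooling: it parses the drop lines and reports which of the posted policy routes each packet satisfies by address, so entries sourced from the USG's own LAN address stand out. The log layout is assumed from the single line quoted above, all sample lines after the first are constructed, and the incoming-interface criterion is not modelled.

```python
import ipaddress
import re

# Address objects and policy routes as posted in the thread.
ADDRESSES = {
    "LAN1_SUBNET": ipaddress.ip_network("10.22.19.0/24"),
    "RemoteLAN_SUBNET": ipaddress.ip_network("10.22.15.0/24"),
    "Remote2LAN_SUBNET": ipaddress.ip_network("10.22.10.0/24"),
}
# Fields: incoming, source, destination, next-hop
ROUTES = [
    ("lan1", "LAN1_SUBNET", "RemoteLAN_SUBNET", "RemoteNetwork"),
    ("lan1", "LAN1_SUBNET", "Remote2LAN_SUBNET", "Remote2Network"),
]
GATEWAY_IP = ipaddress.ip_address("10.22.19.1")  # USG-100 LAN address per the post

# Assumed layout, taken from the one log line quoted in the thread.
DROP_RE = re.compile(
    r"No rule found, Dropping packet\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)"
)

# First line is the one quoted in the thread; the others are constructed.
SAMPLE = [
    "error IPSec SPI:0x0 SEQ:0x0 No rule found, Dropping packet 10.22.19.1:33496 10.22.15.10:53 IPsec",
    "error IPSec SPI:0x0 SEQ:0x0 No rule found, Dropping packet 10.22.19.1:40112 10.22.10.5:389 IPsec",
    "error IPSec SPI:0x0 SEQ:0x0 No rule found, Dropping packet 10.22.19.1:40113 192.0.2.7:53 IPsec",
    "info constructed line that is not a drop entry",
]

def triage(line):
    """Describe one drop entry, or return None if the line is not a valid one."""
    m = DROP_RE.search(line)
    if not m:
        return None
    try:
        src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
    except ValueError:  # e.g. an octet above 255 in a damaged log line
        return None
    # Routes whose source AND destination address objects contain the packet.
    hops = [nh for _inc, s, d, nh in ROUTES if src in ADDRESSES[s] and dst in ADDRESSES[d]]
    return {"src": str(src), "dst": str(dst), "dport": int(m["dport"]),
            "from_gateway": src == GATEWAY_IP, "address_match": hops}

if __name__ == "__main__":
    for line in SAMPLE:
        print(triage(line))
```

An entry with `from_gateway` true and a non-empty `address_match` is a packet whose addresses fit an existing route, which leaves the incoming-interface field as the criterion to look at.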
Friday, 04-Dec 10:13:42 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.