VPN Stopped Working...
I have a VPN set up between two businesses, for some odd reason the whole thing stopped working. Hardware is Symantec Firewall/VPN 100 at both locations. I have it set up like they say to on the website and documentation CD.
I have a VPN set up between two businesses, for some odd reason the whole thing stopped working.
Hardware is Symantec Firewall/VPN 100 at both locations. I have it set up like they say to on the website and documentation CD. We have static IP's which have not changed.
I notice we are under constant port scan attack...every 30-60 seconds.
* It was down all day yesterday and now it's up again, just checked. *
I was finally able to ping the computer behind the vpn/firewall at the other location.
What would cause it to keep going down? Even after reseting everything it still won't work.
When I pinged it a second ago, 1 of 4 pings made it... When I pinged again, 2 made it, then the third time all pings made it and didn't time out.
I don't understand why it works "some" times.
All the settings have been gone over time and time again, by two different people.
Hardware is Symantec Firewall/VPN 100 at both locations. I have it set up like they say to on the website and documentation CD. We have static IP's which have not changed.
I notice we are under constant port scan attack...every 30-60 seconds.
* It was down all day yesterday and now it's up again, just checked. *
I was finally able to ping the computer behind the vpn/firewall at the other location.
What would cause it to keep going down? Even after reseting everything it still won't work.
When I pinged it a second ago, 1 of 4 pings made it... When I pinged again, 2 made it, then the third time all pings made it and didn't time out.
I don't understand why it works "some" times.
All the settings have been gone over time and time again, by two different people.
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
I have talked to a few other people who also said that the DOS would cause the VPN to go down. If I change IP addresses (which are static right now) wouldn't the problem just come back? Is there anything I can do settings wise, that would help? Or is changing the IP the way I'll have to go?
Log
UTC Time Message Source
08/07/2003 23:30:19.91 Port Scan attack !!! 24.148.65.79:3374
08/07/2003 23:30:28.91 Port Scan attack !!! 24.148.65.79:3374
08/07/2003 23:46:54.66 Port Scan attack !!! 24.28.62.172:2294
08/07/2003 23:47:03.61 Port Scan attack !!! 24.28.62.172:2294
08/07/2003 23:55:35.91 Port Scan attack !!! 67.20.174.52:4736
08/07/2003 23:56:05.31 Port Scan attack !!! 67.20.174.52:4896
08/08/2003 00:00:41.71 Port Scan attack !!! 24.53.0.136:2842
08/08/2003 00:00:50.61 Port Scan attack !!! 24.53.0.136:2842
08/08/2003 00:05:47.86 Port Scan attack !!! 67.20.164.108:1596
08/08/2003 00:19:26.31 Port Scan attack !!! 66.188.195.206:3486
08/08/2003 00:27:45.41 Port Scan attack !!! 218.90.178.145:2315
08/08/2003 00:31:52.86 Port Scan attack !!! 203.192.11.30:1065
08/08/2003 00:33:24.81 Port Scan attack !!! 218.15.192.64:30099
08/08/2003 00:52:29.56 Port Scan attack !!! 67.20.174.52:2102
08/08/2003 00:56:20.71 Port Scan attack !!! 62.62.139.253:3833
08/08/2003 00:57:39.86 Port Scan attack !!! 67.20.77.111:2836
08/08/2003 01:02:57.91 Port Scan attack !!! 61.177.227.45:2077
08/08/2003 01:22:36.11 Port Scan attack !!! 24.209.175.44:2281
08/08/2003 01:22:51.91 Port Scan attack !!! 24.209.175.44:2281
08/08/2003 01:23:07.96 Port Scan attack !!! 24.209.175.44:2281
08/08/2003 01:31:00.76 Port Scan attack !!! 67.20.187.62:3670
08/08/2003 01:41:58.61 Port Scan attack !!! 12.248.64.98:4361
08/08/2003 01:48:32.11 Port Scan attack !!! 218.15.192.64:30099
08/08/2003 02:01:21.36 Port Scan attack !!! 67.20.221.200:1945
08/08/2003 02:24:18.46 Port Scan attack !!! 67.20.76.159:4857
08/08/2003 02:24:27.51 Port Scan attack !!! 67.20.76.159:4857
08/08/2003 02:37:26.36 Port Scan attack !!! 67.20.76.159:4883
08/08/2003 02:37:35.31 Port Scan attack !!! 67.20.76.159:4883
08/08/2003 02:49:01.61 Port Scan attack !!! 67.20.81.212:3612
08/08/2003 02:58:09.66 Port Scan attack !!! 67.20.76.159:4108
08/08/2003 02:58:18.61 Port Scan attack !!! 67.20.76.159:4108
08/08/2003 03:02:26.31 Port Scan attack !!! 67.117.23.149:3142
08/08/2003 03:02:35.31 Port Scan attack !!! 67.117.23.149:3142
08/08/2003 03:06:24.31 Port Scan attack !!! 67.20.33.55:3674
08/08/2003 03:07:24.16 Port Scan attack !!! 218.15.192.64:30099
08/08/2003 03:10:50.36 Port Scan attack !!! 65.88.92.140:1474
08/08/2003 03:10:56.31 Port Scan attack !!! 65.88.92.140:1474
08/08/2003 03:21:25.01 Port Scan attack !!! 12.255.148.153:2647
08/08/2003 03:21:34.01 Port Scan attack !!! 12.255.148.153:2647
08/08/2003 03:22:25.06 Port Scan attack !!! 67.20.76.159:3841
==============================================
Here is part of the log...I removed my IP
Most are TCP and UDP..there were also like 7 or 8 HTTP as well.
The log from our other business looks just like this. Filled with port scan attacks etc..
UTC Time Message Source
08/07/2003 23:30:19.91 Port Scan attack !!! 24.148.65.79:3374
08/07/2003 23:30:28.91 Port Scan attack !!! 24.148.65.79:3374
08/07/2003 23:46:54.66 Port Scan attack !!! 24.28.62.172:2294
08/07/2003 23:47:03.61 Port Scan attack !!! 24.28.62.172:2294
08/07/2003 23:55:35.91 Port Scan attack !!! 67.20.174.52:4736
08/07/2003 23:56:05.31 Port Scan attack !!! 67.20.174.52:4896
08/08/2003 00:00:41.71 Port Scan attack !!! 24.53.0.136:2842
08/08/2003 00:00:50.61 Port Scan attack !!! 24.53.0.136:2842
08/08/2003 00:05:47.86 Port Scan attack !!! 67.20.164.108:1596
08/08/2003 00:19:26.31 Port Scan attack !!! 66.188.195.206:3486
08/08/2003 00:27:45.41 Port Scan attack !!! 218.90.178.145:2315
08/08/2003 00:31:52.86 Port Scan attack !!! 203.192.11.30:1065
08/08/2003 00:33:24.81 Port Scan attack !!! 218.15.192.64:30099
08/08/2003 00:52:29.56 Port Scan attack !!! 67.20.174.52:2102
08/08/2003 00:56:20.71 Port Scan attack !!! 62.62.139.253:3833
08/08/2003 00:57:39.86 Port Scan attack !!! 67.20.77.111:2836
08/08/2003 01:02:57.91 Port Scan attack !!! 61.177.227.45:2077
08/08/2003 01:22:36.11 Port Scan attack !!! 24.209.175.44:2281
08/08/2003 01:22:51.91 Port Scan attack !!! 24.209.175.44:2281
08/08/2003 01:23:07.96 Port Scan attack !!! 24.209.175.44:2281
08/08/2003 01:31:00.76 Port Scan attack !!! 67.20.187.62:3670
08/08/2003 01:41:58.61 Port Scan attack !!! 12.248.64.98:4361
08/08/2003 01:48:32.11 Port Scan attack !!! 218.15.192.64:30099
08/08/2003 02:01:21.36 Port Scan attack !!! 67.20.221.200:1945
08/08/2003 02:24:18.46 Port Scan attack !!! 67.20.76.159:4857
08/08/2003 02:24:27.51 Port Scan attack !!! 67.20.76.159:4857
08/08/2003 02:37:26.36 Port Scan attack !!! 67.20.76.159:4883
08/08/2003 02:37:35.31 Port Scan attack !!! 67.20.76.159:4883
08/08/2003 02:49:01.61 Port Scan attack !!! 67.20.81.212:3612
08/08/2003 02:58:09.66 Port Scan attack !!! 67.20.76.159:4108
08/08/2003 02:58:18.61 Port Scan attack !!! 67.20.76.159:4108
08/08/2003 03:02:26.31 Port Scan attack !!! 67.117.23.149:3142
08/08/2003 03:02:35.31 Port Scan attack !!! 67.117.23.149:3142
08/08/2003 03:06:24.31 Port Scan attack !!! 67.20.33.55:3674
08/08/2003 03:07:24.16 Port Scan attack !!! 218.15.192.64:30099
08/08/2003 03:10:50.36 Port Scan attack !!! 65.88.92.140:1474
08/08/2003 03:10:56.31 Port Scan attack !!! 65.88.92.140:1474
08/08/2003 03:21:25.01 Port Scan attack !!! 12.255.148.153:2647
08/08/2003 03:21:34.01 Port Scan attack !!! 12.255.148.153:2647
08/08/2003 03:22:25.06 Port Scan attack !!! 67.20.76.159:3841
==============================================
Here is part of the log...I removed my IP
Most are TCP and UDP..there were also like 7 or 8 HTTP as well.
The log from our other business looks just like this. Filled with port scan attacks etc..
