Hi all and thanks for your attention.
My name is Mauro.
This is my first post here; I hope not to bore you all.
I have 2 RB3011. Each of the two has 1 LAN address and 1 static public WAN address. Between the two RBs, I have an IPSEC VPN configured (figure vpn.jpg).
I think that everything works fine. For the client, everything works well. The client in site A works over RDP, SMB and SQL on servers in site B.
Now, why am I writing here looking for help, and where is my problem?
SERVER A has massive SQL activity on SERVER B. SERVER A has a static IP address. SERVER B has a static IP address.
SERVER A, after some moments of good activity, can't communicate on SQL services with SERVER B. Although, at the same moment, CLIENT A can make SQL queries on SERVER B.
If I change the IP address of SERVER A (in the LAN), everything works well for some moments. After some moments (minutes), the same problem occurs again with the new IP address too.
Now, for me this is strange behaviour.
I tried disabling all FILTER rules on either of the two RBs, but without any success.
I checked whether the IP address of SERVER A (old IP and new IP) is listed in any of my “ip lists” that block brute-force attacks, but none is present.
I would like to know if any of you have seen this in your past experience.
I do not know if it is possible that the RB has some kind of responsibility for this behaviour, but I think that it is some kind of block in the IPSEC tunnel activity or in the router activity.
What do you think?
No, I have not worked on ip > firewall > connection. I will try this. Just to know (if it does not need a long explanation, or if you have a link to read): if a connection exists in this section, what is the impact on the TCP protocol?
I think that all network parts (including the IPSEC tunnel) are stable, because if I ping from SERVER A to SERVER B, the ping result is OK without interruptions.
Basically because some rules rely on others being established to allow or restrict traffic. To start a firewall with a “clean sheet” you should clean your connections table.
I think that all network parts (including the IPSEC tunnel) are stable, because if I ping from SERVER A to SERVER B, the ping result is OK without interruptions.
The proof is usually in the puddle… a network capture usually shows it all.
Posting the config export will allow others familiar with your scenario to pinpoint problems.