Hello Folks,
We installed a new ASG with 8.930 beta for testing purposes. We imported a recent 8.302 configuration.
After that, I updated one SSL-VPN client to the new version shipped with 8.930.
Now, outgoing SSL-VPN connections are blocked and cause the following IPS-Alert:
2012:04:17-09:48:31 ASG snort[6215]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="WEB-CLIENT Windows CryptoAPI common name spoofing attempt" group="500" srcip="(VPN-Target)" dstip="(VPN-Source)" proto="6" srcport="443" dstport="52039" sid="16180" class="Misc Attack" priority="2" generator="3" msgid="0"
This is what the client log looks like:
Tue Apr 17 09:48:49 2012 read TCPv4_CLIENT: Connection timed out (WSAETIMEDOUT) (code=10060)
Tue Apr 17 09:48:49 2012 write TCPv4_CLIENT: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Apr 17 09:48:49 2012 Connection reset, restarting [-1]
Tue Apr 17 09:48:49 2012 TCP/UDP: Closing socket
Tue Apr 17 09:48:49 2012 SIGUSR1[soft,connection-reset] received, process restarting
Tue Apr 17 09:48:49 2012 MANAGEMENT: >STATE:1334648929,RECONNECTING,connection-reset,,
Tue Apr 17 09:48:49 2012 Restart pause, 5 second(s)
Tue Apr 17 09:48:53 2012 SIGTERM[hard,init_instance] received, process exiting
Tue Apr 17 09:48:53 2012 MANAGEMENT: >STATE:1334648933,EXITING,init_instance,,
We are still able to establish SSL-VPN connections using computers with the old 8.302 SSL-VPN Client.
Any hints are gladly welcome!
Cheers
DiePlage