MW_WISP
(MW_WISP)
March 20, 2017, 10:29am
1
I've a problem (another) using NAT on SMs, I've found this error on 2 radios, firmware 15.0.3:
03/19/2017 : 20:39:40 UTC : :Tsl Free list empty. Entries 0
03/19/2017 : 20:39:41 UTC : :Tsl Free list empty. Entries 0
03/19/2017 : 20:39:41 UTC : :Tsl Free list empty. Entries 0
03/19/2017 : 20:39:43 UTC : :Tsl Free list empty. Entries 0
03/19/2017 : 20:39:44 UTC : :Tsl Free list empty. Entries 0
03/19/2017 : 20:39:44 UTC : :Tsl Free list empty. Entries 0
03/19/2017 : 20:39:44 UTC : :Tsl Free list empty. Entries 0
03/19/2017 : 20:39:46 UTC : :Tsl Free list empty. Entries 0
[very very long list]
03/20/2017 : 07:42:21 UTC : :Tsl Free list empty. Entries 0
03/20/2017 : 07:42:21 UTC : :Tsl Free list empty. Entries 0
03/20/2017 : 07:42:23 UTC : :Tsl Free list empty. Entries 0
03/20/2017 : 07:42:23 UTC : :Tsl Free list empty. Entries 0 (Full log: http://pastebin.com/unwT05wC )
The SM stop NAT the packets from the LAN and the customer cannot use internet connection until I manually reboot the SM.
This is the NAT Table utilizations for the last week, in this case the SM NAT stopped working on Saturday morning (GMT+01):
Probably they are using a VPN software that cause this "crash".
Edit:
They are using an IPsec VPN connection
Not sure what this means Matt... will point the software guys in this direction and see what they might know.
MW_WISP
(MW_WISP)
March 21, 2017, 7:57am
3
I've just recorded this log during IPSec VPN utilization on the same SM.
03/21/2017 : 07:52:24 UTC : :Delete Public Entry Protocol 17 IsIsakmp 0 RmtHostIP 0xd98a41d2 FinalTransportID 1547 Failed
03/21/2017 : 07:52:24 UTC : :FailInsertHashCnts: 0 0
03/21/2017 : 07:52:24 UTC : :Delete Private Entry Protocol 17 Failed
03/21/2017 : 07:52:24 UTC : :Delete Public Entry Protocol 17 IsIsakmp 0 RmtHostIP 0xd98a41d2 FinalTransportID 1409 Failed
03/21/2017 : 07:52:24 UTC : :FailInsertHashCnts: 0 0
03/21/2017 : 07:52:24 UTC : :Delete Private Entry Protocol 17 Failed
We are investigating.
Please send the CNUT capture of this SM to solutions@cambiumnetworks.com (preferably during VPN utlization)
Also, Can you can try increasing NAT Table size to 8K.
We have about a hundred SMs in NAT mode and I've not seen this at all. Perhaps because our config forces DMZ (1 address pool).
We have a PMP450 SM throwing off this error. Customer complains they loose connection to the internet.
15.1 firmware.
Was a solution ever found for this?
Chitrang
(Chitrang)
April 2, 2018, 7:25am
7
Hi, Please provide some information, - Are you using VPN ? If yes, what type of VPN it is SSL or IPSec. - What VPN client is being used ? SonicWall or Cisco
Just to clarify:
Are you asking if my customer is using a VPN behind the SM or are you asking if I am using a VPN to access the SM?
Chitrang
(Chitrang)
April 2, 2018, 4:05pm
9
Yes , Is Customer using VPN behind the SM and SM is configured with NAT ?