Existing VPN not allowing TCP traffic now?

Hello all!

Built out a VPN back in November 22 with a TZ400 and it had been working fine. A trouble ticket was just opened up that the remote application could no longer talk to the database server on port 2638. On testing, only ping works from the remote side to the host. Went through the VPN profile, link is up, nothing changed. Restarted the VPN session, rebooted the firewall.

Remote tech says the host doesn't respond to telnet tests to 2638, 80, 443. But locally the port is listening and the application is working. Turned off Windows Firewall to troubleshoot, but no go. What to try?

I assume this is site to site and not a VPN client? If so, have you reviewed the remote firewall? If it's a client, have you confirmed the firewall on the remote machine (I know you said you turned it off, but I'm guessing that means on the local server)?

Did you use Connection Monitor for analysis?
Set it to source and destination IP and check the Tx/Rx bytes and packet counts. If the source IP is your PC's IP and Tx is counting up, then you can send packets to the other site; if Rx is 0, then the other site didn't give responses. Then check the other site's network topology. Especially, you should check into each site via a local PC.

I hope I could explain :smiling_face:

Yes, it's a site to site. I renegotiated the tunnel and it came back up. On the equipment that I can control, I've restarted the SW, the VPN tunnel, the database service. I checked that the persistent route is still there. I'll ask the remote side to restart their side. On the rules I've opened it up to allow all services to test. Thanks!

A great tool to test FW rules is PsPing; it allows you to ping TCP ports to test your rules.

I use it all the time.
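The thread's diagnostic hinges on a distinction ICMP ping cannot make: a TCP connect that is refused (host reachable, nothing listening or the host firewall rejecting) versus one that times out (dropped somewhere on the path, typically a VPN policy or access rule). The following is an added example, not from this thread or from SonicWall or Sysinternals, of a small PsPing-style TCP probe in Python that tests the ports mentioned above (2638, 80, 443) and summarises the outcome the way a firewall engineer would read it. The host `192.0.2.10` in the `__main__` block is a placeholder (TEST-NET) and the timeout values are assumptions.

```python
"""TCP port reachability probe (added example, not part of the original thread).

Per port, the result is one of:
  "open"     - TCP handshake completed: access rule and listener both fine
  "refused"  - host answered with RST: the path is open, the problem is on the host
  "timeout"  - no answer at all: usually dropped by a firewall/VPN access rule
  "error: …" - local error such as "Network is unreachable" (missing route)
"""
import socket
from typing import Dict, List, Tuple


def probe_tcp(host: str, port: int, timeout: float = 2.0) -> str:
    """Attempt a TCP connect and classify what came back."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return f"error: {exc.strerror or exc}"
    finally:
        s.close()


def probe_ports(host: str, ports: List[int], timeout: float = 2.0) -> Dict[int, str]:
    """Probe several ports on one host; returns {port: result}."""
    return {p: probe_tcp(host, p, timeout) for p in ports}


def diagnose(results: Dict[int, str]) -> str:
    """Turn per-port results into the next troubleshooting step."""
    outcomes = set(results.values())
    if outcomes and outcomes <= {"open"}:
        return "TCP reachable on all ports: look at the application, not the network"
    if any(r.startswith("error") for r in outcomes):
        return "local error before any packet left: check routes on this side"
    if "refused" in outcomes or "open" in outcomes:
        # An RST or a completed handshake proves packets cross the tunnel both ways.
        return "path is open: check the listener and host firewall on the server"
    return "no TCP answer at all: check VPN/access rules on both firewalls"


# Helpers so the probe can be exercised offline against the local host.
def open_local_listener() -> Tuple[socket.socket, int]:
    """Bind a listening socket on an ephemeral loopback port (constructed test target)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def reserve_closed_port() -> int:
    """Return a loopback port that was just released, so nothing listens on it."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    # Placeholder target; replace with the database host behind the tunnel.
    target = "192.0.2.10"
    res = probe_ports(target, [2638, 80, 443])
    for port, outcome in res.items():
        print(f"{target}:{port} -> {outcome}")
    print(diagnose(res))
```

Run it from the remote site against the database server: "refused" on 2638 while the service is listening points at the host firewall or a listener bound to the wrong interface; "timeout" on every port while ping succeeds points at an access rule or VPN policy that permits ICMP but not TCP.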