Hello,
I have a IPSec VPN Tunnel between my corporate data center and a satellite service provider. I also have 2 trucks, A & B, with networks on them. These truck networks communicate via satellite to the provider base station, and then across the VPN tunnel to our corp. data center. The A & B truck networks each have a Windows Domain Controller that communicates to our DCs in the data center, for Active Directory replication. They are using RPC for this.
Both truck networks and servers were tested and worked perfectly when first tested and deployed.
ASA 5510 running IOS ver 8.2(1)
About a month ago, truck B lost it's ability to communicate via RPC to the DCs in the data center. Nothing has changed on the network on my side as well as the satellite provider side. I've looked through my VPN logs and firewall logs, but don't see anything that indicates a probable cause. There is no evidence of requests being denied on my firewall, and the VPN ACLS.
The one strange thing I've noticed when doing some tests is that I don't see interesting traffic hitting the ACL on the ASA when trying to PING or traceroute from the truck B server, or when the RPC request is being run. BTW, the truck B server can PING and traceroute over the VPN tunnel to servers in the data center just fine. And the reverse it also true. Just the RPC doesn't work.
Here's the RPC error output:
NtFrsApi Version Information
NtFrsApi Major : 0
NtFrsApi Minor : 0
NtFrsApi Compiled on: Feb 16 2007 20:10:33
ERROR - Cannot RPC to computer, odyssey; 00000721 (1825)
Below is a traceroute from the truck B server to the data center server. Notice the multiple entries for server accord?
I seem to remember that this kind of behavior occurs whent an IP Address is being Natted. Is that correct?
Any suggestions are greatly appreciated.