Cisco ASA Config

thermionic
Not applicable
Hi,

I've been trying (and failing) to set up a Sure Signal to work over our Cisco ASA 5510 firewall, and having "fun"

At the moment, I'm still trying to get the @ light to go solid...

After following http://forum.vodafon...ght-2-flashing/ and http://forum.vodafon...7-setup-issues/

I used CSM to set up the ASA; the relevant parts of the config are as below


interface Ethernet0/1
nameif inside
security-level 100
ip address 255.255.0.0
!
interface Ethernet0/2
nameif Venus
security-level 0
ip address 255.255.255.128


object-group network Vodafone_Sure_Signal
description Vodafone Sure Signal Addresses
network-object 212.183.133.177 255.255.255.255
network-object 212.183.133.178 255.255.255.255
network-object 212.183.133.179 255.255.255.255
network-object 212.183.131.128 255.255.255.192

object-group service VodafoneSureSignal
description VodafoneSureSignalPorts
service-object udp eq ntp
service-object udp eq isakmp
service-object esp
service-object tcp-udp eq 4500

access-list CSM_FW_ACL_Venus extended permit object-group VodafoneSureSignal object-group Vodafone_Sure_Signal host

mtu inside 1500
mtu Venus 1500

global (Venus) 231

nat (inside) 231 255.255.255.255

static (inside,Venus) netmask 255.255.255.255

access-group CSM_FW_ACL_Venus in interface Venus



The , , and are just to remove site specific information

DHCP is used from an internal DHCP server, which sets the internal address (reserved), two accessible internal caching DNS servers, and the default gateway of the ASA firewall, as well as NTP servers etc.

The ISP connection is a 100mb connection in the UK.

If I do a packet capture on the ASA, I see traffic on udp/4500 in both directions, but the light just keeps doing its slow flash.

If anyone has successfully managed to get a Sure Signal to work with a Cisco ASA (ideally in a CSM managed environment), I'd be very interested in hearing from you.

Cheers
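An added check, not from the thread, that runs over capture lines like the ones described above: using the Vodafone ranges and services from the posted object-groups, it reports which required flows were not seen in both directions, excusing ESP when NAT-T on udp/4500 is up. It assumes the tcpdump-like line format that the ASA's show capture prints; 10.0.0.9 is a constructed stand-in for the Sure Signal's reserved internal address.

```python
import ipaddress
import re
# Vodafone ranges, copied from the object-group in the post above.
SURE_SIGNAL_NETS = [ipaddress.ip_network(n) for n in (
    "212.183.133.177/32", "212.183.133.178/32", "212.183.133.179/32", "212.183.131.128/26")]
# Flows the posted service object-group permits; each must be seen in both directions.
REQUIRED = ("udp/123", "udp/500", "udp/4500", "esp")
# Assumed tcpdump-like 'show capture' line: '2: 09:00:01.000200 10.0.0.9.4500 > 212.183.133.177.4500: udp 120'
UDP_RE = re.compile(r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
                    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<proto>udp|tcp)")
ESP_RE = re.compile(r"(?P<src>\d+(?:\.\d+){3}) > (?P<dst>\d+(?:\.\d+){3}): ESP")

def is_sure_signal(ip):
    """True if ip falls inside one of the Vodafone ranges."""
    return any(ipaddress.ip_address(ip) in net for net in SURE_SIGNAL_NETS)

def audit_capture(lines, vss_ip):
    """Map each required flow to the directions ('in'/'out') seen between the
    Sure Signal at vss_ip and the Vodafone ranges; other traffic is ignored."""
    seen = {flow: set() for flow in REQUIRED}
    for line in lines:
        m = ESP_RE.search(line) or UDP_RE.search(line)
        if not m:
            continue
        g = m.groupdict()
        if g["src"] == vss_ip and is_sure_signal(g["dst"]):
            direction, remote_port = "out", g.get("dport")
        elif g["dst"] == vss_ip and is_sure_signal(g["src"]):
            direction, remote_port = "in", g.get("sport")
        else:
            continue  # not between the VSS and Vodafone
        flow = "esp" if "proto" not in g else f"{g['proto']}/{remote_port}"
        if flow in seen:
            seen[flow].add(direction)
    return seen

def missing_flows(seen):
    """Required flows not seen both ways. ESP is excused when NAT-T (udp/4500)
    is bidirectional, because ESP is then carried inside it."""
    natt = seen["udp/4500"] == {"in", "out"}
    return sorted(f for f, dirs in seen.items()
                  if dirs != {"in", "out"} and not (f == "esp" and natt))

# Constructed sample mirroring the post (10.0.0.9 stands in for the VSS): only udp/4500 flows both ways.
SAMPLE_CAPTURE = [
    "1: 09:00:01.000100 10.0.0.9.123 > 212.183.133.178.123: udp 48",
    "2: 09:00:01.000200 10.0.0.9.4500 > 212.183.133.177.4500: udp 120",
    "3: 09:00:01.000300 212.183.133.177.4500 > 10.0.0.9.4500: udp 136",
    "4: 09:00:01.000400 10.0.0.9.500 > 212.183.133.177.500: udp 312",
]
```

A flow reported missing with only the outbound direction seen (udp/500 with no reply in the sample) is the one to trace next, since it points at the NAT or ACL path rather than the device.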

thermionic
Not applicable
34 views and no response.

I had hoped that Vodafone would at the very least know how to configure the leading enterprise firewall platform, but obviously not...

gavinlew
4: Newbie


Are you able to gather a wireshark trace at all?

I'm currently watching a Suresignal trying to activate (since I factory reset it earlier as part of troubleshooting) and it is reporting that a hostname is unable to be resolved, which is stopping provisioning.

Retired-George
Moderator (Retired)
Hi thermionic,

Firstly, a very warm welcome to the eForum Family, it's always great to see new faces on here :).

Unfortunately, we're not Cisco certified so wouldn't be able to help with specific firewall setup, maybe one of our helpful eForum members has set this up before and has working instructions? Does the Sure Signal work with the firewall not in place?

George
eForum Team

thermionic
Not applicable

If you didn't understand my original post, it would have been better to ask for clarification than suggest what you did.

thermionic
Not applicable

Hi Gavin,

I hadn't bothered setting up a span port and monitoring that, I've just been doing packet capture on the ASA to check that traffic was flowing, and I was only seeing traffic to the .177 address on udp/4500.

Have you configured the DHCP reservation to point at an internal or external DNS server ?



I was feeling a little masochistic this morning, so called in to the 0870 number, and thence to an 0845 number and after approx 8 IVR prompts asking me for my mobile number, then PIN, then option 3 and option 4, I gave up and called in on the main number, explained that I'd been going through IVR hell and asked if they could put me through to somebody instead of putting me back into the IVR queue. I eventually managed to speak to somebody 45 minutes later...

They initially told me that they were Tier 3 support, and that they only support UPnP routers...

After yet more time, and three reboots later, including one where the lights were cycling between 1&2&3, 1&3, 2, which apparently was a light sequence that he hadn't heard of before, he checked with somebody else and said that it needed to be replaced.

We hadn't even touched on the port and protocol forwards...



My initial thoughts on this are that Vodafone rushed this to market

1/ The complete lack of any local diagnostics is ridiculous,

2/ The use of IPSec and the multiple port and protocol forwards that it requires. If they had used an HTTPS VPN such as OpenVPN then they could have done all of it over a single port.

gavinlew
4: Newbie

Hi,

I have had the SS using both an internal DNS server and a set of external DNS servers. The SS gets very upset if one of its hostnames fails to resolve; it then tries to talk to an IP in the 172.X.X.X range.

The light sequence you have seen, I can also reproduce and I put that down to a factory reset/firmware reload in progress (from watching the limited activity via wireshark).

I have a variety of CPE that I can put this unit behind, yet no difference has been seen in the behaviour of the unit since this morning's factory reset.

thermionic
Not applicable

Hi Gavin,

Did you see any traffic on udp/4500 going to any of the addresses, or just failed DNS lookups ?

I do wonder why they need a DNS lookup when they set IP ranges for the port forwards...

Hi thermionic

I have the same issue (ASA with a 100mb leased line) and have configured the same rules.

Did you ever get the VSS to connect?


Thanks

I'm replying to this thread late but have just found it.


I have just set up a new Sure Signal behind a Cisco ASA 5505 on a Zen Internet 'Fibre Active' service. The ASA is running v9.0(1) and sits behind a Cisco 1921 which connects to a BT Openreach modem (VDSL2, PPPoE, MTU1500).


The VSS works fine in this setting with no need to forward any ports. I simply added the line 'inspect ipsec-pass-thru' to

policy-map global_policy > class inspection_default