1 Reply Latest reply on Feb 19, 2014 9:55 AM by rothman

    unable to access internet unless she uses the VPN-client // hips  8

    bob325

      Hi Team,

      I am unable to access the network, need to use VPN only to access the network. Logs show like IPv6 is not allowed,


      Time:  2014-02-11 14:29:09
      Event:  Traffic
      IP Address/User:  10.xx.xx.xx
      Message:  Blocked Incoming UDP -  Source 10.xxx.xxx.xx : bootps (67)  Destination 255.255.255.255 : bootpc (68)
      Matched Rule:  Block All Traffic

      Time:  2014-02-11 14:29:09
      Event:  Traffic
      IP Address/User:  10.xx.xxxx.xx
      Message:  Blocked Incoming UDP -  Source 10.xxx.xx.xxx. : bootpc (68)  Destination 255.255.255.255 : bootps (67)
      Matched Rule:  Block All Traffic

      Time:  2014-02-11 14:29:13
      Event:  Traffic
      IP Address/User:  10.xx.xx.xx
      Message:  Blocked Incoming UDP -  Source 10.xxx.xx.xxx : bootpc (68)  Destination 255.255.255.255 : bootps (67)
      Matched Rule:  Block All Traffic

      Time:  2014-02-11 14:29:17
      Event:  Traffic
      IP Address/User:  FF00:xxxx:xxxxx:xxxx xxxxx:ccccc0:xxxx:xxx
      Message:  Blocked Outgoing ICMPv6 Unknown - Source FE80:xxxxx:xxxx:xxxxxx0:xxxxx:xxxx:xxxx:0000   Destination FF02:xxxx:xxxx:xxxxxx:xxxxx:0000xx:xxxxx
      Matched Rule:  Block IPv6

      Time:  2014-02-11 14:29:23
      Event:  Traffic
      IP Address/User:  FF02:xxxx:xxxx:xxxx:xxxx:xxxxx:xxxxx:xxxx
      Message:  Blocked Outgoing ICMPv6 Unknown - Source FE80:0000:xxxxx:xxxx:xxxx:xxxx:xxxx:xxxx   Destination FF02:xxxxx:0000:0000:xxxx:xxxx0:0000:xxxx
      Matched Rule:  Block IPv6

      Time:  2014-02-11 14:29:23
      Event:  Traffic
      IP Address/User:  FF02:xxx0:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
      Message:  Blocked Outgoing ICMPv6 Unknown - Source FE80:xxxx:xxxxx:xxxx:xxxx:xxxx:xxxx:xxxx   Destination FF02:xxxxx:xxxxx:xxxx:xxxx:xxxxxx:xxxxx:xxx
      Matched Rule:  Block IPv6

      Time:  2014-02-11 14:29:23
      Event:  Traffic
      IP Address/User:  FF02:xxx:xxxx::xxxx:xxxx:xxxx:xxxx:xxxxx
      Message:  Blocked Outgoing ICMPv6 Unknown - Source FE80:xxxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx   Destination FF02:xxxx:xxxx:xxxx:xxx0:xxxx:xxxx:xxxx
      Matched Rule:  Block IPv6

      Time:  2014-02-11 14:30:58
      Event:  Traffic
      Time:  2014-02-11 14:31:00
      Event:  Traffic
      IP Address/User:  10.xx.xx.xx
      Message:  Blocked Incoming ICMP Time Exceeded - Source 10.xx.xx.xxxx   Destination 10.xxxx.xxxx.xxxx
      Matched Rule:  Block All Traffic

      Time:  2014-02-11 14:31:00
      Event:  Traffic
      IP Address/User:  10.xxxx.xx.xx
      Message:  Blocked Incoming ICMP Time Exceeded - Source 10.xx.xxx.xx   Destination 10.xx.xx.xx
      Matched Rule:  Block All Traffic

      Time:  2014-02-11 14:31:00
      Event:  Traffic
      IP Address/User:  10.xx.xx.xx
      Message:  Blocked Incoming ICMP Time Exceeded - Source 10.xx.xx.xx   Destination 10.xx.xx.xx
      Matched Rule:  Block All Traffic

      Time:  2014-02-11 14:31:00
      Event:  Traffic
      IP Address/User:  10.xx.xxx.xx
      Message:  Blocked Incoming ICMP Time Exceeded - Source 10.xx.xxx.xx   Destination 10.xxx.xxx.xxx
      Matched Rule:  Block All Traffic

      Time:  2014-02-11 14:31:00
      Event:  Traffic
      IP Address/User:  10.xxxx.xxx.xxxx
      Message:  Blocked Incoming ICMP Time Exceeded - Source 10.xx.xx.xx.x   Destination 10.xx.xxx.xx
      Matched Rule:  Block All Traffic

      Time:  2014-02-11 14:31:00
      Event:  Traffic
      IP Address/User:  10.xxx.xxx.xxx
      Message:  Blocked Incoming ICMP Time Exceeded - Source 10.xx.xxxx   Destination 10.xxx.xxx.xxx
      Matched Rule:  Block All Traffic

      Time:  2014-02-11 14:31:00
      Event:  Traffic
      IP Address/User:  10.xxx.xxx.xxx
      Description:  Microsoft Lync 2010 MAPI COM Server (UcMapi)
      Path:  C:\Program Files\Microsoft Lync\UcMapi.exe
      Message:  Blocked Outgoing TCP -  Source 10.xxx.xx.xxx :  (56900)  Destination 10.xx.xx.xxx : epmap (135)
      Matched Rule:  Block All Traffic

      Time:  2014-02-11 14:31:00
      Event:  Traffic
      IP Address/User:  10.xxx.xxx.xxx
      Message:  Blocked Incoming UDP -  Source 10.xx.xx.xx : bootpc (68)  Destination 255.255.255.255 : bootps (67)
      Matched Rule:  Block All Traffic

      Time:  2014-02-11 14:31:00
      Event:  Traffic
      IP Address/User:  217.xxx.xxx.xxxx.
      Description:  VPN Agent Service (vpnagent)
      Path:  C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
      Message:  Blocked Outgoing TCP -  Source 10..xx.xxx.xx :  (56899)  Destination 217.xx.xx.x.xx. : http (80)
      Matched Rule:  Block All Traffic

      Time:  2014-02-11 14:31:43
      Event:  Traffic
      IP Address/User:  0.0.0.0
      Description:  Värdprocess för Windows-tjänster (svchost)
      Path:  C:\WINDOWS\System32\svchost.exe
      Message:  Blocked Incoming UDP -  Source 0.0.0.0 : bootpc (68)  Destination 255.255.255.255 : bootps (67)
      Matched Rule:  Block All Traffic

      Time:  2014-02-11 14:31:47
      Event:  Traffic
      IP Address/User:  0.0.0.0
      Description:  Värdprocess för Windows-tjänster (svchost)
      Path:  C:\WINDOWS\System32\svchost.exe
      Message:  Blocked Incoming UDP -  Source 0.0.0.0 : bootpc (68)  Destination 255.255.255.255 : bootps (67)
      Matched Rule:  Block All Traffic

      Time:  2014-02-11 14:31:56
      Event:  Traffic
      IP Address/User:  0.0.0.0
      Description:  Värdprocess för Windows-tjänster (svchost)
      Path:  C:\WINDOWS\System32\svchost.exe
      Message:  Blocked Incoming UDP -  Source 0.0.0.0 : bootpc (68)  Destination 255.255.255.255 : bootps (67)
      Matched Rule:  Block All Traffic

      Time:  2014-02-11 14:32:11
      Event:  Traffic
      IP Address/User:  0.0.0.0
      Description:  Värdprocess för Windows-tjänster (svchost)
      Path:  C:\WINDOWS\System32\svchost.exe
      Message:  Blocked Incoming UDP -  Source 0.0.0.0 : bootpc (68)  Destination 255.255.255.255 : bootps (67)
      Matched Rule:  Block All Traffic

      Thanks and regards

      BOB

        • 1. Re: unable to access internet unless she uses the VPN-client // hips  8
          rothman

          Unless your network has actually started to use IPv6, it should be blocking that protocol.

           

          What I noticed was this:

           

          Time:  2014-02-11 14:31:00
          Event:  Traffic
          IP Address/User:  217.xxx.xxx.xxxx.
          Description:  VPN Agent Service (vpnagent)
          Path:  C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
          Message:  Blocked Outgoing TCP -  Source 10..xx.xxx.xx :  (56899)  Destination 217.xx.xx.x.xx. : http (80)
          Matched Rule:  Block All Traffic

           

          It appears that you are missing an exception in your HIPS firewall rule(s) to allow for vpnagent.exe to communicate on port 80.  Though, based on the title of your post, this is a bit confusing because you say that your end-user is unable to access the Internet unless they use the VPN.

           

          An easy way to figure out what rules you need to configure in your HIPS firewall rule(s) is to turn on 'Learn Mode' for both incoming and outgoing.  You will then be prompted by the firewall for either an 'Allow' or 'Block' whenever an unknown connection is attempted.  By using this feature, you can find out exactly what is blocking access to port 80/443/8080 (common http/https Internet protocols) and then add those exceptions to your firewall rule.
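
An added example, not part of the original thread: a small Python parser for activity-log entries in the layout pasted above. It counts blocked traffic per matched rule and lists the blocked outgoing connections that carry a program path, which are the entries to review when deciding on firewall exceptions. The sample log is constructed, and the function names are this example's own.

```python
import re
from collections import Counter
# Constructed, abbreviated sample in the activity-log layout shown in the post;
# addresses are documentation/link-local values, not taken from the thread.
SAMPLE_LOG = r"""Time:  2014-02-11 14:31:00
Event:  Traffic
Description:  VPN Agent Service (vpnagent)
Path:  C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
Message:  Blocked Outgoing TCP -  Source 10.0.0.5 :  (56899)  Destination 198.51.100.7 : http (80)
Matched Rule:  Block All Traffic

Time:  2014-02-11 14:31:43
Message:  Blocked Incoming UDP -  Source 0.0.0.0 : bootpc (68)  Destination 255.255.255.255 : bootps (67)
Matched Rule:  Block All Traffic

Time:  2014-02-11 14:29:17
Message:  Blocked Outgoing ICMPv6 Unknown - Source fe80::1   Destination ff02::2
Matched Rule:  Block IPv6
"""
MSG_RE = re.compile(r"Blocked (Incoming|Outgoing) (\S+)")
DPORT_RE = re.compile(r"Destination\s+\S+\s*:\s*\S*\s*\((\d+)\)")

def parse_entries(text):
    """Split the log into dicts; a 'Time:' line starts each new entry."""
    entries = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "Time":
            entries.append({})
        if sep and entries:
            entries[-1][key.strip()] = value.strip()
    return entries

def blocked_summary(entries):
    """Count blocks per (rule, direction, protocol, destination port, executable)."""
    counts = Counter()
    for e in entries:
        msg = e.get("Message", "")
        m, port = MSG_RE.search(msg), DPORT_RE.search(msg)
        exe = e.get("Path", "").rsplit("\\", 1)[-1] or None
        if m:
            counts[(e.get("Matched Rule"), m.group(1), m.group(2),
                    int(port.group(1)) if port else None, exe)] += 1
    return counts

def outbound_app_blocks(entries):
    """Blocked outgoing connections tied to a program: exception candidates to review."""
    return sorted({(k[4], k[2], k[3]) for k in blocked_summary(entries)
                   if k[1] == "Outgoing" and k[4]}, key=str)
```

Because entries are keyed on the `Time:` line, stray blank lines inside an entry or an entry cut off after `Event:` do not break the parse.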