Solved

Weird Remote access networking problem

Posted on 2003-11-19
Last Modified: 2013-12-07
Hi there,

I am having a weird problem accessing a remote network, let's call this network AWAY.

Here is the situation: when I am at my corporate office and want to access AWAY via Terminal Services, SSH, or an HTTP remote management browser (Linksys Firewall Browser) etc., I can't reach it from my OFFICE network.

Now here is where it starts to get weird.

I can connect via Remote Desktop, SSH or whatever from my DMZ, or another network.

I can connect to other IP addresses via RDP etc. from OFFICE.

OFFICE to AWAY connections used to work

Now the last thing I just tried was NATTING a new IP to my computer at OFFICE and attempting to connect to AWAY with the new Public IP. This also fails?

So, it looks like there is something in my Firewall (3Com Superstack 3) that is restricting a connection to my AWAY IP address.


I have specifically made policies to allow connections to the AWAY address from the LAN at OFFICE and looked for anything that specifies the AWAY address, but to no avail.

Does it sound like I am on the right path, or have I overlooked something obvious?

Thanks,

Mike
Question by:UnifiedIT
8 Comments
 
LVL 2

Accepted Solution

by:
rccguy earned 150 total points
ID: 9781439
Check your router at the Away network to make sure that you haven't turned off any services that need to be running for SSH or remote desktop to work.  You could also try to connect to Away from another network and see if the problem is your Office network or the Away network.  I would suggest that if it used to work, then track back from today to when it quit working and take note of all the changes that have taken place on both networks and start eliminating things that wouldn't make a difference.  If you've been playing with your policies, check them against your originals and make sure they match up; if not, set them back to when they were working and check your connection again.  Just some suggestions to try.
0
 
LVL 2

Author Comment

by:UnifiedIT
ID: 9781454
thanks rccguy,

Yeah, I can connect to AWAY from other networks, including the DMZ at my OFFICE.

I have been trying to track it back, but it's really weird (like I stated in my title) :)

0
 
LVL 16

Assisted Solution

by:The--Captain
The--Captain earned 50 total points
ID: 9781949
Using tcptraceroute will go a long way towards solving this one for you.

Cheers,
-Jon
0
 
LVL 2

Expert Comment

by:rccguy
ID: 9782037
Well, there is definitely a policy set up in your firewall that is preventing you from connecting from Office.  I would suggest going through them to see what might be giving you the problem.  If you're comfortable with posting it, I'll try to help you figure it out.  We'd also need to know the type of firewall you're using.  I'm betting that SSH or some service is turned off or something has been set up to restrict access to outside networks in the firewall.  To verify, try a tracert on the away network and see if the problem is accessing the network or if it could be a protocol issue.
0
 
LVL 2

Author Comment

by:UnifiedIT
ID: 9782054
Ok...

I can't ping or traceroute the public IP of the remote network from the OFFICE LAN.

I can tracert/ping the AWAY network from my DMZ though.

The same goes for the gateway that I try to ping for the remote network's ISP?

All I see when I tracert is the first hop (my router's Ethernet port), then it dies?

It looks like it must either be my firewall, or possibly something along the lines of ACLs on my routers? I'll have to check into it some more here!

Any other ideas? Opinions etc...
0
 
LVL 2

Author Comment

by:UnifiedIT
ID: 9782132
rccguy,

One more thing before I post policies...

It's a 3Com SuperStack 3 firewall, and because I see that all the services that I try to connect to at this IP (AWAY) are not working, let's just go with the HTTP interface at the AWAY site. Since it was HTTP, I would think that any policy would almost have to be specific to the AWAY IP address? Simply because I can use this, SSH, RDP etc. on other remote addresses, my last post suggests that the firewall has a problem with the whole subnet!

If I jump a subnet up or down, I can ping those... for example, I can ping x.x.118.whatever, can't ping x.x.119.whatever, can ping x.x.120.whatever. I know that Comcast owns the x.x.118.0/23 block, so the first two fall within their network...

hmmm...
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 9783637
No, no, not tracert (although that can help some), but tcptraceroute...

tcptraceroute (originally a Linux tool but I think there are now windoze equivalents) will send packets on a particular TCP port (i.e. ssh), but otherwise behaves exactly like traceroute.  Using tcptraceroute will tell you exactly who is blocking your packets.

Cheers,
-Jon

0
 
LVL 2

Author Comment

by:UnifiedIT
ID: 9788088
Thanks for the help guys.

This ended up being something kinda simple.

First, thanks for the new tool there, Captain, that will be helpful in the future. It didn't exactly solve my problem this time, but helped lead to me getting this.

I went back and looked at what was changed along with policies as rc suggested. It was actually a VPN SA that I was testing for the remote network. Apparently, the network info that I entered was wrong, and as soon as I deleted the SA, all was well.

Thank you for your help again.

Mike
0
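The root cause reported above, a test VPN SA with wrong network information, can be checked for by comparing a destination against each SA's network selectors. This is an added example, not part of the original thread; it assumes policy-based IPsec matching on source and destination networks, and every SA name, subnet and address in it is constructed (documentation ranges).

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class SA:
    """One policy-based IPsec SA: traffic from local_net to remote_net is claimed by it."""
    name: str
    local_net: str
    remote_net: str
    tunnel_up: bool


def matching_sas(sas, src, dst):
    """Return SAs whose selectors cover src -> dst, most specific remote network first."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = [sa for sa in sas
            if s in ipaddress.ip_network(sa.local_net)
            and d in ipaddress.ip_network(sa.remote_net)]
    return sorted(hits,
                  key=lambda sa: ipaddress.ip_network(sa.remote_net).prefixlen,
                  reverse=True)


def diagnose(sas, src, dst):
    """Say whether a flow is routed normally, tunnelled, or claimed by a dead SA."""
    hits = matching_sas(sas, src, dst)
    if not hits:
        return "routed normally"
    top = hits[0]
    state = "tunnelled via" if top.tunnel_up else "black-holed by"
    return f"{state} {top.name}"


# Constructed configuration: "away-test" was meant to point at the private LAN
# behind AWAY, but the remote network was entered as AWAY's public /24, so the
# firewall claims all OFFICE LAN traffic to that subnet for a tunnel that is down.
SAS = [
    SA("branch", "192.168.10.0/24", "10.20.0.0/16", True),
    SA("away-test", "192.168.10.0/24", "203.0.113.0/24", False),
]

if __name__ == "__main__":
    flows = [("192.168.10.50", "203.0.113.45"),   # OFFICE LAN -> AWAY public IP
             ("192.168.20.5", "203.0.113.45"),    # DMZ -> AWAY public IP
             ("192.168.10.50", "198.51.100.7")]   # OFFICE LAN -> unrelated host
    for src, dst in flows:
        print(f"{src} -> {dst}: {diagnose(SAS, src, dst)}")
```
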
