Solved

Weird remote access networking problem

Posted on 2003-11-19
Last Modified: 2013-12-07
Hi there,

I am having a weird problem accessing a remote network; let's call this network AWAY.

Here is the situation: when I am at my corporate office and want to access AWAY via Terminal Services, SSH, or an HTTP remote management browser (Linksys Firewall Browser) etc., I can't reach it from my OFFICE network.

Now here is where it starts to get weird.

I can connect via Remote Desktop/SSH or whatever from my DMZ, or another network.

I can connect to other IP addresses via RDP etc. from OFFICE.

OFFICE to AWAY connections used to work.

Now the last thing I just tried was NATing a new IP to my computer at OFFICE and attempting to connect to AWAY with the new public IP. This also fails?

So, it looks like there is something in my firewall (3Com SuperStack 3) that is restricting a connection to my AWAY IP address.

I have specifically made policies to allow connections to the AWAY address from the LAN at OFFICE and looked for anything that specifies the AWAY address, but to no avail.

Does it sound like I am on the right path, or have I overlooked something obvious?

Thanks,

Mike
Question by:UnifiedIT
8 Comments
 
LVL 2

Accepted Solution

by:
rccguy earned 150 total points
ID: 9781439
Check your router at the Away network to make sure that you haven't turned off any services that need to be running for SSH or remote desktop to work.  You could also try to connect to Away from another network and see if the problem is your Office network or the Away network.  I would suggest that if it used to work, then track back from today to when it quit working, take note of all the changes that have taken place on both networks, and start eliminating things that wouldn't make a difference.  If you've been playing with your policies, check them against your originals and make sure they match up; if not, set them back to when they were working and check your connection again.  Just some suggestions to try.
0
 
LVL 2

Author Comment

by:UnifiedIT
ID: 9781454
Thanks rccguy,

Yeah, I can connect to AWAY from other networks, including the DMZ at my OFFICE.

I have been trying to track it back, but it's really weird (like I stated in my title) :)

0
 
LVL 16

Assisted Solution

by:The--Captain
The--Captain earned 50 total points
ID: 9781949
Using tcptraceroute will go a long way towards solving this one for you.

Cheers,
-Jon
0

 
LVL 2

Expert Comment

by:rccguy
ID: 9782037
Well, there is definitely a policy set up in your firewall that is preventing you from connecting from Office.  I would suggest going through them and seeing what might be giving you the problem.  If you're comfortable with posting it, I'll try to help you figure it out.  We'd also need to know the type of firewall you're using.  I'm betting that SSH or some service is turned off or something has been set up to restrict access to outside networks in the firewall.  To verify, try a tracert on the away network and see if the problem is accessing the network or if it could be a protocol issue.
0
 
LVL 2

Author Comment

by:UnifiedIT
ID: 9782054
Ok...

I can't ping or traceroute the public IP of the remote network from the OFFICE LAN.

I can tracert/ping the AWAY network from my DMZ though.

The same goes for the gateway that I try to ping for the remote network's ISP?

All I see when I tracert is the first hop (my router's Ethernet port), then it dies?

It looks like it must either be my firewall, or possibly something along the line of ACLs on my routers? I'll have to check into it some more here!

Any other ideas? Opinions etc...
0
 
LVL 2

Author Comment

by:UnifiedIT
ID: 9782132
rccguy,

One more thing before I post policies.

It's a 3Com SuperStack 3 firewall, and because I see that all the services that I try to connect to at this IP (AWAY) are not working, let's just go with the HTTP interface at the AWAY site. Since it was HTTP, I would think that any policy would almost have to be specific to the AWAY IP address? Simply because I can use this, SSH, RDP etc. on other remote addresses, my last post suggests that the firewall has a problem with the whole subnet!

If I jump a subnet up or down, I can ping those. For example, I can ping x.x.118.whatever, can't ping x.x.119.whatever, can ping x.x.120.whatever. I know that Comcast owns the x.x.118.0/23 block, so the first two fall within their network...

hmmm...
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 9783637
No, no, not tracert (although that can help some), but tcptraceroute...

tcptraceroute (originally a Linux tool but I think there are now windoze equivalents) will send packets on a particular TCP port (i.e. SSH), but otherwise behaves exactly like traceroute.  Using tcptraceroute will tell you exactly who is blocking your packets.

Cheers,
-Jon

0
 
LVL 2

Author Comment

by:UnifiedIT
ID: 9788088
Thanks for the help guys.

This ended up being something kinda simple.

First, thanks for the new tool there Captain, that will be helpful in the future. It didn't exactly solve my problem this time, but helped lead to me getting this.

I went back and looked at what was changed along with policies as rc suggested. It was actually a VPN SA that I was testing for the remote network. Apparently, the network info that I entered was wrong, and as soon as I deleted the SA, all was well.

Thank you for your help again.

Mike
0
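The resolution above, as an added example that is not part of the original thread: a small check that models how a VPN SA's traffic selectors can capture LAN traffic to a public subnet while DMZ traffic is still routed normally. The SA names, all addresses (documentation ranges) and the guess that the mistyped remote network was a public subnet are assumptions made for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed SA table (hypothetical names, documentation address ranges).
# "test-away" has the peer's public subnet entered as its remote network.
SAS = [
    {"name": "branch", "local": "192.168.1.0/24", "remote": "10.20.0.0/16"},
    {"name": "test-away", "local": "192.168.1.0/24", "remote": "203.0.113.0/24"},
]

def capturing_sas(src, dst, sas=SAS):
    """Names of SAs whose local/remote selectors both match a src->dst packet.

    A packet matched here is handed to the tunnel instead of being routed,
    so a selector that covers a public subnet makes that subnet unreachable
    from the local network whenever the tunnel is not actually carrying it.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [sa["name"] for sa in sas
            if s in ipaddress.ip_network(sa["local"])
            and d in ipaddress.ip_network(sa["remote"])]

def public_remote_selectors(sas=SAS):
    """Names of SAs whose remote network is not inside RFC 1918 space."""
    flagged = []
    for sa in sas:
        remote = ipaddress.ip_network(sa["remote"])
        if not any(remote.subnet_of(block) for block in RFC1918):
            flagged.append(sa["name"])
    return flagged

if __name__ == "__main__":
    probes = [("192.168.1.25", "203.0.113.10"),   # OFFICE LAN -> AWAY
              ("172.16.50.8", "203.0.113.10"),    # DMZ -> AWAY
              ("192.168.1.25", "198.51.100.7")]   # OFFICE LAN -> other site
    for src, dst in probes:
        hits = capturing_sas(src, dst)
        print(f"{src} -> {dst}: {'tunnel ' + ','.join(hits) if hits else 'routed'}")
    print("SAs with a public remote selector:", public_remote_selectors())
```

Only the first probe is captured by an SA, which matches the pattern in the thread: one subnet dead from the LAN, the DMZ and neighbouring subnets unaffected.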


Question has a verified solution.
