Wierd Remote access networking problem

Hi there,

I am having a wierd problem accessing a remote network, lets call this network AWAY.

Here is the situation, When I am at my corporate office and want to access AWAY via Terminal Services, SSH, or a HTTP Remote management browser (Linksys Firewall Browser) etc... I cant reach it from my OFFICE network.

Now here is where it starts to get wierd.

I can connect VIA Remote Desktop/ SSH or whatever from my DMZ, or another Network.

I can connect to other IP addresses via RDP etc.. from OFFICE

OFFICE to AWAY connections used to work

Now the last thing I just tried was NATTING a new IP to my computer at OFFICE and attempting to connect to AWAY with the new Public IP. This also fails?

So, it looks like there is something in my Firewall (3Com Superstack 3) that is restricting a connection to my AWAY IP address.

I have specifically made policies to allow connections to the AWAY address be allowed from the LAN at OFFICE and looked for anything that specifies the AWAY address, but to no avail.

Does it sound like I am on the right path, or have I overlooked something obvious?


Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

check your router at the Away network to make sure that you haven't turned off any services that need to be running for SSH or remote desktop to work.  You could also try to connect to Away from another network and see if the problem is your Office network or the Away network.  I would suggest that if it used to work than track back from today to when it quit working and take note of all the changes that have taken place on both networks and start eliminating things that wouldn't make a difference.  If you've been playing with your policies check them against your originals and make sure they match up, if not set them back to when they were working and check your connection again.  Just some suggestions to try.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
UnifiedITAuthor Commented:
thanks rccguy,

Yeah, I can connect to AWAY from other networks, including the DMZ at my OFFICE.

I have been trying to track it back, but Its really wierd ( like I stated in my title) :)

Using tcptraceroute will go a long way towards solving this one for you.

Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

Well there is definetly a policy setup in your firewall that is preventing you from connecting from Office.  I would suggest going through them and see what might be giving you the problem.  If your comfortable with posting it I'll try to help you figure it out.  We'd also need to know the type of firewall your using.  I'm betting that SSH or some service is turned off or something as been setup to restrict access to outside networks in the firewall.  To verify try a tracert on the away network and see where if the problem is accessing the network or if it could be a protocol issue.
UnifiedITAuthor Commented:

I cant ping or trace route the public IP of the remote network from the OFFICE LAN.

I can tracert/ping the AWAY network from my DMZ though..

The same goes for the gateway that I try to ping for the remote networks ISP?

All I see when I tracert is the first hop (my routers ethernet port) then it dies?

It look like it must either be my firewall, or possibly something along the line of ACL's on my routers? Ill have to check into some more here!

Any other ideas? Opinions etc...
UnifiedITAuthor Commented:

one more thing before I post policies..

Its a 3com superstack 3 firewall and I because I see that all the services that I try to connect to at this IP (AWAY) are not working, lets just go with the http interface at the AWAY site. Since it was http, I would think that any policy would almost have to be specific to the AWAY IP address? Simply because I can use this, SSH, RDP etc on other remote addresses, my last post suggests that the firewall has a problem with the whole subnet!

If I jump a subnet up or down, I can ping those.... for ex I can ping x.x.118.whatever, cant ping x.x.119.whatever, can ping x.x.120.whatever..  I know that comcast owns the x.x.118.0/23 block, so the first two fall within their network...

No, no, not tracert (although that can help some), but tcptraceroute...

tcptraceroute (originally a linux tool but I think there are now windoze equivalents) will send packets on a particular tcp port (ie ssh), but otherwise behaves exactly like traceroute.  Using tcptraceroute will tell you exactly who is blocking your packets.


UnifiedITAuthor Commented:
Thanks for the help guys.

This ended up being something kinda simple.

First, thanks for the new tool there Captain, that will be helpful in the future, it didnt exactly solve my problem this time, but helped lead to me getting this.

I went back and looked at what was changed along with policies as rc suggested. It was actually a VPN SA that I was testing for the remote network. Apparently, the network info that I entered was wrong, and as soon as I deleted the SA, all was well.

Thank you for you help again.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Analysis

From novice to tech pro — start learning today.