Link to home
Start Free TrialLog in
Avatar of SupportECI
SupportECI

asked on

SonicWall VPN Only Connects to Domain Controllers

We have a SonicWall Pro 330.  I had a user say he could not connect to servers and apps via VPN.  I took the laptop home and the only computers it will connect to are our domain controllers (both are also dns servers).  I found the same was true with my home laptop.

We have remote users that use the VPN daily and they have not reported any issues (and I know their connections were working yesterday).

I thought DNS, but all computers internally are working and some remote connections are working.  Does anyone have any ideas?  Here is some more info on our network:

2 - W2k DCs
Various other 2k and 2k3 servers
Sonicwall VPN
Users laptop is XP pro, SP2
My laptop is XP home, SP2

If you need more info, please let me know! TIA!
SOLUTION
Avatar of Rob Williams
Rob Williams
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of SupportECI
SupportECI

ASKER

Thanks for the responses.

-------------------------
RobWill:

I can ping and connect to the DCs by name or IP.

I cannot ping or connect by name to other computers (also remoted desktop and VNC do not work).

We are using the sonicwall vpn client.

One of the computers, XP pro, is a member of the domain; Mine, XP home, is not.

I will have to verify the subnets are not the same, I know we have had issues with that before.  But the user does not use a router, so he should not be getting a private IP.  I will check on my router.

-------------------------
nitadmin:

see above.

-------------------------
saw830:

When we try to ping it times out.  When trying to connect to shares, it comes back as "the network path was not found"

I will have to check on the dns setup of the laptops and the rest of your suggestions later when I am out of the office.
Is there any chance a group policy has been changed that enabled the Windows Firewall on all workstations? Where this was working before, it doesn't sound like a configuration issue, and the fact that you cannot ping by IP rules out DNS, as the primary problem.
When you connect to the Sonicwall using the Sonicwall Global VPN client, are you getting an ip address on the virtual connection? Is the ip address in the same subnet as subnet in office LAN. When connecting to the Sonicwall using Global VPN client you should get an ip address from DHCP server running on the Sonicwall device. If you don't get an ip address from Soincwall Device, then you have to configure a static ip address for the virtual connection. Make sure the address is in the same subnet.

Cheers,
NITADMIN
Sorry for the delay...

I checked my router and it was set on the same subnet as our internal subnet.  Once I changed this everything worked fine for my computer and the users.  

I am not sure the users issues are fixed yet, however.  The user stated that apps and network shares were not working.  I assumed that he would not have known or thought about trying to connect to our DC's so his issues must have been the same.  Now I am thinking it is a different issue with his connection, but it is obviously not the computer as it worked fine for me.  Also the user said he does not use a router, so since we have the same ISP (sbc yahoo) I am going to try it tonight without the router, just plugged right into the dsl modem.

I will let you know what happens with that.
>>"The user stated that apps and network shares were not working. "
Can the user connect to the shares by IP  e.g. \\192.168.123.123\ShareName  perhaps they now have a connection, assuming their subnet is different, and it is just a name resolution issue at this point.

>>"I am going to try it tonight without the router, just plugged right into the dsl modem."
Good test. Let us know how it goes.
Sorry for the delay.

I plugged the laptop straight into the modem and everything worked fine.

So I could not recreate the problem, as the user does not have a router.  I am now not even sure he could reach the DCs.  I have asked him to try it again and to call me when he trys to connect so that we can get more information.  I will update this when he has a chance to try it again (hopefully in the next few days).
By the way, you mentioned SBC earlier. I have read a few articles lately stating the the SBC connection client can interfere with VPN's. These refereed to PPTP VPN's but may apply to your Global VPN IPSec client as well. As a test you might want to try un-installing if present.

Let us know how it goes.
Well all I really don't know what came of the this, because the user never could get connected, but we have never been able to go to his house to see if something might be the problem there.  So I will split points and call it good.  Thanks for all of you suggestions.
Thanks SupportECI. Enjoy the holiday season.
Cheers !
--Rob