VPN Connectivity issue

jmarenghi asked:

I am having an issue with one of my site-to-site VPNs.
I have a hub-and-spoke network with Headquarters connecting to 4 remote sites.
As of last Monday a user called and we found that one of the remote sites had stopped connecting to an Exchange server on the HQ network. This network has been up and running with the current hardware/software configuration for months. No recent changes have been made on our end to any of the hardware or software.

In an attempt to isolate the issue, I recreated the VPN tunnel between HQ and the remote site. No problem. I can ping machines back and forth. The firewall rules allow all traffic on all ports to and from the remote subnet and the HQ subnet. I then unplugged all network devices on the remote network and recreated the VPN using a new subnet on the remote network. The VPN tunnel worked again.

Here are a couple of symptoms of my problem.
I cannot put the LAN IP address of a web server (OWA) on the HQ network into IE on a machine in the remote network and get a response from the server. I can ping it, and when the local DNS server is up I can resolve the correct IP using the server name. I was able to do this before, and I can do this from my other remote networks, and all of my site-to-site VPN tunnels are set up the same. I can RDP to servers from the remote network, but I cannot RDP to the server in the remote network. I was always able to do this in the past. I can RDP to a remote server on my other remote LANs. Again, the VPN settings are the same for all my site-to-site tunnels.

The fact that IE will not respond when I put the HQ LAN IP of the OWA server in the browser is, I believe, the key to my problem. I have other web servers on the HQ network and the same behavior happens when trying to connect to them as well. I am 100% sure that these servers are up and running because I can RDP into machines on my other remote subnets, put the web server IPs in IE, and the web pages respond. I can also RDP to my other servers on my remote LANs except the server in my problem remote site.

I can, however, put the public IP of my OWA server in IE at the problem site and I am able to connect. Why can't I run OWA through the VPN tunnel anymore? I could before, and I can from my other remote sites.

The service at my remote site is DSL provided by AT&T. My SonicWall TZ-190 connects to an AT&T-supplied Netopia 3347W which is set up as a pass-through so my SonicWall can have my public static IP assigned to the WAN side.

I apologize for the length of this explanation. I hope I conveyed my problem clearly. I have set up many remote sites like this. I have never had a problem like this.

Any help is much appreciated
Thanks
JDM
meverest (Australia) replied:

I think what you are saying is that from one particular site, you can ping the OWA server and get ping replies, but you can't access it with a web browser?

What is the error or problem behaviour of the web browser?  Can you hit any other ports?  (e.g. smtp, pop3)?

Sounds more like a firewall issue than anything else.  Is there any NAT between the networks, or is it all routed?

Cheers.
jmarenghi (asker) replied:

Thanks meverest,

You are correct. I can ping OWA from the LAN on the remote site but I cannot type the server name or IP in IE and get the page. I can, however, type the public IP of my OWA server in IE and bypass the VPN.
I get a generic 'page cannot be displayed' error after I let it time out for a while (from LAN to LAN over the VPN).

I have a single Exchange Server, so OWA and the Information Store are on one machine.

I can telnet on port 25 to the Exchange server.

There is no NAT between the networks. Anything back and forth between HQ LAN and Remote LAN is routed at the firewalls.

Thanks
JDM
ASKER CERTIFIED SOLUTION
meverest (Australia):
This solution is only available to members.

jmarenghi (asker) replied:

Here is another wrinkle in my problem... I hope I can explain this.

First off, I have a Citrix server at HQ which has a web interface that I can connect to from my problem remote LAN over the VPN (using the HQ LAN address in IE). This makes me think that port 80 can get through on some servers at HQ.

From this Citrix server at HQ I can drill into a server and a desktop that sit on the remote LAN via My Network Places.
I can NOT do this from the OWA server. I get a "Server is not accessible. You might not have permission..." error.

I hope this gives me another avenue to explore.

I have also drilled into servers and desktops from HQ servers to remote LANs that are working properly. I have no problem seeing file shares/printers etc.

Hope this helps
JDM

Am I having some type of NetBIOS problem?
It really sounds to me like either you have an IP address conflict or a bad default gateway set on one of your devices. The first thing I would do is look into an IP conflict. Try pinging the devices, then turn off the device and try pinging again; if something else responds, you have a conflict. Normally when you can ping a device but the services don't respond, it's because another device is responding that shouldn't be.
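An added diagnostic (example code, not from this thread or any of the posters) that tests the symptom described above at the TCP layer instead of relying on ICMP ping: it probes the services the asker mentions (HTTP 80, SMTP 25, RDP 3389) and distinguishes a silent timeout, which is what a dropping firewall rule or tunnel policy looks like, from a refused connection, which means the path is fine and the service is the problem. The HQ address and port list are assumptions.

```python
import socket
from typing import Dict, List, Tuple

# Constructed target list modelled on the thread: OWA/HTTP (80), SMTP (25) and
# RDP (3389) on one HQ server. 192.0.2.10 is a documentation-range placeholder.
HQ_TARGETS: List[Tuple[str, int]] = [("192.0.2.10", 80), ("192.0.2.10", 25), ("192.0.2.10", 3389)]


def probe_tcp(host: str, port: int, timeout: float = 3.0) -> str:
    """Return 'open', 'refused', 'timeout' or 'unreachable' for one TCP port.

    'refused' means the far host answered with a RST: routing and the tunnel work
    and the fault is the service. 'timeout' means nothing came back at all, which
    is what a dropping firewall rule or broken tunnel policy looks like (the
    thread's 'page cannot be displayed after it times out' symptom).
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:  # 'No route to host', 'Network is unreachable', ...
        return "unreachable"


def probe_host(host: str, ports: List[int], timeout: float = 3.0) -> Dict[int, str]:
    """Probe several ports on one host; ICMP ping is deliberately not used."""
    return {p: probe_tcp(host, p, timeout) for p in ports}


def classify(results: Dict[int, str]) -> str:
    """Turn a per-port result map for one host into a one-line diagnosis."""
    states = set(results.values())
    if states == {"open"}:
        return "all services reachable"
    if "timeout" in states and "open" in states:
        return "selective drop: some ports silently dropped (firewall/tunnel policy)"
    if states <= {"open", "refused"}:
        return "host reachable: closed ports are a service problem, not a path problem"
    if states == {"timeout"}:
        return "host silent: tunnel down, wrong route, or host-level firewall"
    return "mixed/unreachable: check routing and VPN phase 2 selectors"
```

Run `classify(probe_host(host, ports))` for each HQ server from the problem site and from a working site; a "selective drop" result at only one site points at that site's firewall or tunnel policy, which is where this thread's fault turned out to be.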
SOLUTION
This solution is only available to members.

jmarenghi (asker) replied:
Thanks Guys,

As it turns out, it was the firewall at the remote site. Except that it was some bad firmware from SW. They put out a new release and that freed up the traffic.

Thanks
JDM