Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Cannot connect to SQL running on a VPN Client, watchguard 1250e and Watchguard VPN CLient

Posted on 2009-04-03
13
Medium Priority
?
885 Views
Last Modified: 2013-11-16
We have a client VPN server that simply runs Win XP pro, all updates.  On this server is a master SQL DB that our program accesses.  The program is installed on 15 to 20 computers in this customers office.  The reason we have a VPN client installed on this server is because we use SQL replication to update that DB with ours.  This all works fine, and the VPN seems to work perfectly.  The problem is when we turn on the VPN the customer's computer can no longer access the SQL DB on our Server.  Shut it off and everything works fine, but we lose our connection for replication.  I have verified the packets are simply being ignored when the VPN is turned on.  Packets leave the customers workstations and never get a reply.  On the server there is no incoming packets from that workstation.  I used WireShark to watch the packet traffic.  UDP Port 1434 is open on the server with and without the VPN being on.  I have been on the phone with Watcguard to their engineers and so far no-one has come up with a solution.  

Help?!
0
Comment
Question by:Codeonesysadmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
13 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24065993
I think there is a zero route tunnel (0.0.0.0/0) [configured with option "Force all traffic through tunnel"] and not split tunneling implemented as a result the machine loses all local network connectivity.

Can you elaborate on the type of VPN configured (IPSec/PPTP).

Please provide details.

Thank you.
0
 

Author Comment

by:Codeonesysadmin
ID: 24068366
This is the first thing everyone suggests.  we do not force all traffic through tunnel.  IPSEC is the configuration we are trying to use.  there is no 0.0.0.0/24 in the routes.  Good first guess.
0
 

Author Comment

by:Codeonesysadmin
ID: 24068378
Also let me add that the server and workstation can still browse each other, shares and all.  We Remote desktop to each just fine with and without the VPN being turned on.  So far it seems only SQL Server is effected on port 1434.
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 32

Expert Comment

by:dpk_wal
ID: 24072040
Just to clarify as I understand:
WG X1250e is acting as VPN server [lets call it network A]; MUVPN client is installed on XP Pro machine which is hosting DB server [lets call it network B].
Before MUVPN is turned on, on network B other machines can access the DB server on XP machine, after VPN is enabled then the local machines on network B cannot access DB on XP machine.
At the same time with VPN enabled, can other machines on network B RDP to XP machine, or ping it or send any traffic.
Also, from network A after VPN is established, you can access XP machines from all the machines. Can ping/RDP or sync DB.

If such is the case, can you check the routing table before and after VPN establishment; do you see any changes in routing table, use command: route print [from command prompt].
Also, what is the IP subnet on network A and network B.

Please provide details.

Thank you.
0
 

Author Comment

by:Codeonesysadmin
ID: 24079265
Your understanding is correct, to clarify point sin question.  When VPN is enabled (Turned on and connected) Computers in Network B can access the DB server by means of pings, Remote desktop, browsing network neighborhood etc.  From Network A, when VPN is enabled we can ping, remote desktop, and browse the server.  Subnet A is 192.168.207.0  Subnet B is on the 192.0.0.0.  I've attached a Screen shot of the route prints.  The first or top run of the route print is with VPN On the bottom half is without the VPN connection.
0
 

Author Comment

by:Codeonesysadmin
ID: 24079275
Screen shot, sorry it didn't attach to previous comment
Route-Prints.bmp
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24084284
Everything looks good; so when VPN is connected only DB does not work; can you run sniffer (like wireshark) and sniff for packets on the XP machine for DB port/protocol from one specific client with VPN connected and not connected.
This would give a clear picture as to the difference between the two cases.

I was earlier thinking this of as routing problem; but now it looks more of application/system issue.

Please mask two octets of all public IP address and MAC addresses, if you post anything on this thread.

Please check and update.

Thank you.
0
 

Author Comment

by:Codeonesysadmin
ID: 24086880
I've sniffed for packets on the DB server, the odd thing is nothing ever shows up when the VPN is on.  I have specified, IP, Ports, and protocols, and nothing ever appears to come through as expected.  By this I mean specifically from the workstation trying to access SQL.  Ports 1434 (UDP), 1028 (TCP), and 135(TCP) are usually used when a SQL call is made. Other traffic is clearly visible.  Turn off the VPN and these ports come alive and SQL works fine.  It's seems the traffic is being ignored, or being thrown into the tunnel with no place to go?  I've run the WireShark on both the virtual adapter and the hardware adapter and still never see the traffic.  I did get an update from Watchguard that they are handing the case off to NCP-Client for a possible Bug Fix.  They will need to replicate the issue.  I have replicated it twice now with different remote servers.
0
 

Author Comment

by:Codeonesysadmin
ID: 24086931
As I have been under extreme pressure to get a resolve to this issue, I tried a SSL VPN to this box.  Everything works perfectly all around.  The problem is now we will have to upgrade our Firebox to get more SSL Licenses unless I can figure out the IPSEC Mobile VPN problems.  an odd FYI to this story.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24087406
One last thing, can you check the IP address at which the XP machine listens for request before and after VPN connection; netstat -na; netstat -a; netstat -nb [from command prompt]
If the IP address at which the server listens changes, then this might explain as to why the packet is not seen by sniffer.

I am running out of ideas as to the root cause of problem! :(

Need not send the output; please update on the result.

Thank you.
0
 

Author Comment

by:Codeonesysadmin
ID: 24089857
Ports that disappear from No VPN to VPN being turned on are:

1807, 1824  sqlserv.exe
1810 TCP
4102 netbios-ssn
1825 TCP emap

I believe sql server and sql browser service broadcast their existence on port 1824.  This allows you to browse to the SQL database rather than have to know the connection string.  Our program is configured to know the connection string.
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 2000 total points
ID: 24090323
In this case I am clueless as what the issue is; sorry I was not of much help.
0
 

Author Comment

by:Codeonesysadmin
ID: 24090563
Thanks for the effort.  Seems we are stuck and Watchguard is stuck as well.  We are probably going to use the SSL VPN until a bug fix is released.  Thanks again for the help!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article will provide a solution for an error that might occur installing a new SQL 2005 64-bit cluster. This article will assume that you are fully prepared to complete the installation and describes the error as it occurred durin…
When writing XML code a very difficult part is when we like to remove all the elements or attributes from the XML that have no data. I would like to share a set of recursive MSSQL stored procedures that I have made to remove those elements from …
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question