Solved

PPTP VPN connects but does not give me a default gateway

Posted on 2009-07-03
Last Modified: 2012-05-07
Hello all, I have a weird problem. I have a Watchguard Firebox X1000 that has PPTP enabled and provides many VPNs for remote users. This has worked fine for ages but has suddenly stopped working for SOME users. The VPN connects fine but ipconfig /all shows an IP address is given, correct DNS but no default gateway. (To be honest, I am not even sure whether or not this has always been like this as I have never noticed before.) Despite this, I can ping what should be the gateway address but no other LAN IPs. The watchguard shows the PPTP session as connected as does the windows PPTP client?

I am at a loss here as nothing has been changed and it is still working for some users??

Please help
Question by:Andrew Lee
9 Comments
 

Author Comment

by:Andrew Lee
ID: 24772758
I might add that I can successfully ping the hostname and IP address handed out to the VPN client from within the LAN.
 
LVL 10

Expert Comment

by:Korbus
ID: 24772798
I assume you have rebooted (power down & up) the firewall box?
It sounds like the device is not letting the VPN traffic go past it into the LAN.  Is the gateway address that you CAN ping the firewall itself?

I wouldn't think you need the gateway setting for a vpn connection.
Has anything changed on the client computers?  Perhaps new AV & firewall software?  Sometimes, firewall software requires you to enable specific subnets for them to allow the computer to talk with them.
 

Author Comment

by:Andrew Lee
ID: 24772867
I have rebooted the firewall a couple of times but it's no different. The gateway address IS the firewall LAN IP, yes.

Not sure about the gateway settings as you tend not to notice these things until they don't work but I guess if I can ping that address then you are probably right.

Nothing has changed client side whatsoever, this is a real bummer as we only have hardware support on the box too...

I shall reboot it again and see what happens this time (that will make everybody happy :))
 
LVL 10

Expert Comment

by:Korbus
ID: 24772901
Have you tried this?:
Clear the firewall logs.
Ping an internal LAN IP address via the vpn.
Ping the gateway address via the vpn.
Check the firewall logs.

Can you see where the traffic is being stopped in the internal LAN ping?
 

Author Comment

by:Andrew Lee
ID: 24772908
The watchguard is also showing packets sent and received on the session I am using to test?
 

Author Comment

by:Andrew Lee
ID: 24772921
Firewall logs on the client or the Watchguard as I don't know where they are on the client and I do not have a logging server set up on the Lan :(?
 

Author Comment

by:Andrew Lee
ID: 24772993
Reboot made no difference...
 
LVL 10

Expert Comment

by:Korbus
ID: 24773086
Sorry I was not clear.
I meant check the logs of the watchguard firewall itself.  Do the pings from the VPN client's IP get forwarded to the internal LAN IP you can't ping properly?  Or do they get blocked?  (We know the traffic between the VPN client and the watchguard works, so you can mostly ignore that traffic in the log.)

I'm not familiar with watchguards, but it probably can capture or log this traffic somehow.  You may need to adjust its "what gets logged" settings, if watchguard has those.

 

Accepted Solution

by:
Andrew Lee earned 0 total points
ID: 24792311
It seems my firebox is faulty and I am being sent a replacement....

Thanks for your help anyway Korbus
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes, you want your microsoft VPN to route all the traffic to the remote network. Usually your employer network. This makes it possible to access all the nodes inside this remote LAN, even if they have no "public DNS" entries. To do so, you wo…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now