Solved

PPTP Vpn connects but does not give me a default gateway

Posted on 2009-07-03
9
1,854 Views
Last Modified: 2012-05-07
Hello all, I have a weird problem. I have a Watchguard Firebox X1000 that has PPTP enabled and provides many Vpns for remote users. This has worked fine for ages but has suddenly stopped working for SOME users. The VPV connects fine but ipconfig /all shows an ip address is given, correct DNS but no default gateway. (to be honest, I am not even sure whether or not this has always been like this as I have never noticed before) Despite this, I can ping what should be the gateway address but no other LAN IPs. The watchguard shows the PPTP session as connected as does the windows PPTP client?

I am at a loss here as nothing has been changed and it is still working for some users??

Please help
0
Comment
Question by:Andrew Lee
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
9 Comments
 

Author Comment

by:Andrew Lee
ID: 24772758
I might add that I can succesfully ping the the hostname and IP address handed out to the VPN client from within the LAN.
0
 
LVL 10

Expert Comment

by:Korbus
ID: 24772798
I assume you have reboot (power down & up), the firewall box?
It sounds like the device is not lettingthe vpn traffic go past it into the LAN.  Is the gateway address that you CAN ping, the firewall itself?

I wouldn't think you need the gateway setting for a vpn connection.
Has anything changed on the client computers?  Perhaps new AV&firwall software?  Sometimes, firewall software requires you to enable specific subnets for them to allow the computer to talk with them.
0
 

Author Comment

by:Andrew Lee
ID: 24772867
I have rebooted the firewall a couple of times but it's no different. The gateway address IS the firewall LAN IP, yes.

Not sure about the gateway settings as you tend not to notice these things until they don't work but I guess if I can ping that address then you are probably right.

Nothing has changed client side whatsoever, this is a real bummer as we only have hardware support on the box too...

I shall reboot it again and see what happens this time (that will make everybody happy :))
0
How to Defend Against the WCry Ransomware Attack

On May 12, 2017, an extremely virulent ransomware variant named WCry 2.0 began to infect organizations. Within several hours, over 75,000 victims were reported in 90+ countries. Learn more from our research team about this threat & how to protect your organization!

 
LVL 10

Expert Comment

by:Korbus
ID: 24772901
Have you tried this?:
Clear the firewall logs.
Ping an internal LAN IP address via the vpn.
Ping the gateway address via the vpn.
Check the firewall logs.

Can you see where the traffic is being stopped in the internal LAN ping?
0
 

Author Comment

by:Andrew Lee
ID: 24772908
The watchguard is also showing packets sent and received on the session I am using to test?
0
 

Author Comment

by:Andrew Lee
ID: 24772921
Firewall logs on the client or the Watchguard as I don't know where they are on the client and I do not have a logging server set up on the Lan :(?
0
 

Author Comment

by:Andrew Lee
ID: 24772993
Reboot made no difference...
0
 
LVL 10

Expert Comment

by:Korbus
ID: 24773086
Sorry I was not clear.
I meant check the logs of the watchguard firewall itself.  Do the pings from the vpn clients IP, get forwarded to the internal lan IP you can't ping properly?  Or do they get blocked?  (we know the traffic between the VPN client, and the watchguard works- so you can mostly ignore that traffic in the log.)

I'm not familiar with watchguards, but it probably can caputre or log this traffic somehow.  You may need to adjust it's "what gets logged" settings, if watchguard has those.

0
 

Accepted Solution

by:
Andrew Lee earned 0 total points
ID: 24792311
It seems my firebox is faulty and I am being sent a replacement....

Thanks for your help anyway Korbus
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Macbook Sierra OS OpenVPN issue 13 197
AWS VPS as AD Server 2 98
CISCO Router 1 44
VPN Exposure 19 28
I've had to do a bit of research to setup my VPN connection so that Clients can access Windows Server 2008 network shares.  I have a Cisco ASA 5510 firewall.  I found an article which was extremely useful: It had a solution if you use ASDM to config…
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question