PPTP Vpn connects but does not give me a default gateway

Posted on 2009-07-03
Medium Priority
Last Modified: 2012-05-07
Hello all, I have a weird problem. I have a Watchguard Firebox X1000 that has PPTP enabled and provides many Vpns for remote users. This has worked fine for ages but has suddenly stopped working for SOME users. The VPV connects fine but ipconfig /all shows an ip address is given, correct DNS but no default gateway. (to be honest, I am not even sure whether or not this has always been like this as I have never noticed before) Despite this, I can ping what should be the gateway address but no other LAN IPs. The watchguard shows the PPTP session as connected as does the windows PPTP client?

I am at a loss here as nothing has been changed and it is still working for some users??

Please help
Question by:Andrew Lee
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3

Author Comment

by:Andrew Lee
ID: 24772758
I might add that I can succesfully ping the the hostname and IP address handed out to the VPN client from within the LAN.
LVL 10

Expert Comment

ID: 24772798
I assume you have reboot (power down & up), the firewall box?
It sounds like the device is not lettingthe vpn traffic go past it into the LAN.  Is the gateway address that you CAN ping, the firewall itself?

I wouldn't think you need the gateway setting for a vpn connection.
Has anything changed on the client computers?  Perhaps new AV&firwall software?  Sometimes, firewall software requires you to enable specific subnets for them to allow the computer to talk with them.

Author Comment

by:Andrew Lee
ID: 24772867
I have rebooted the firewall a couple of times but it's no different. The gateway address IS the firewall LAN IP, yes.

Not sure about the gateway settings as you tend not to notice these things until they don't work but I guess if I can ping that address then you are probably right.

Nothing has changed client side whatsoever, this is a real bummer as we only have hardware support on the box too...

I shall reboot it again and see what happens this time (that will make everybody happy :))
Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

LVL 10

Expert Comment

ID: 24772901
Have you tried this?:
Clear the firewall logs.
Ping an internal LAN IP address via the vpn.
Ping the gateway address via the vpn.
Check the firewall logs.

Can you see where the traffic is being stopped in the internal LAN ping?

Author Comment

by:Andrew Lee
ID: 24772908
The watchguard is also showing packets sent and received on the session I am using to test?

Author Comment

by:Andrew Lee
ID: 24772921
Firewall logs on the client or the Watchguard as I don't know where they are on the client and I do not have a logging server set up on the Lan :(?

Author Comment

by:Andrew Lee
ID: 24772993
Reboot made no difference...
LVL 10

Expert Comment

ID: 24773086
Sorry I was not clear.
I meant check the logs of the watchguard firewall itself.  Do the pings from the vpn clients IP, get forwarded to the internal lan IP you can't ping properly?  Or do they get blocked?  (we know the traffic between the VPN client, and the watchguard works- so you can mostly ignore that traffic in the log.)

I'm not familiar with watchguards, but it probably can caputre or log this traffic somehow.  You may need to adjust it's "what gets logged" settings, if watchguard has those.


Accepted Solution

Andrew Lee earned 0 total points
ID: 24792311
It seems my firebox is faulty and I am being sent a replacement....

Thanks for your help anyway Korbus

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes, you want your microsoft VPN to route all the traffic to the remote network. Usually your employer network. This makes it possible to access all the nodes inside this remote LAN, even if they have no "public DNS" entries. To do so, you wo…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses
Course of the Month14 days, 14 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question