Solved

PPTP Vpn connects but does not give me a default gateway

Posted on 2009-07-03
Last Modified: 2012-05-07
Hello all, I have a weird problem. I have a Watchguard Firebox X1000 that has PPTP enabled and provides many VPNs for remote users. This has worked fine for ages but has suddenly stopped working for SOME users. The VPN connects fine but ipconfig /all shows an IP address is given, correct DNS but no default gateway. (To be honest, I am not even sure whether or not this has always been like this, as I have never noticed before.) Despite this, I can ping what should be the gateway address but no other LAN IPs. The Watchguard shows the PPTP session as connected, as does the Windows PPTP client?

I am at a loss here as nothing has been changed and it is still working for some users??

Please help
Question by:laratech

Author Comment

by:laratech
ID: 24772758
I might add that I can successfully ping the hostname and IP address handed out to the VPN client from within the LAN.

Expert Comment

by:Korbus
ID: 24772798
I assume you have rebooted (power down & up) the firewall box?
It sounds like the device is not letting the VPN traffic go past it into the LAN. Is the gateway address that you CAN ping the firewall itself?

I wouldn't think you need the gateway setting for a VPN connection.
Has anything changed on the client computers? Perhaps new AV & firewall software? Sometimes, firewall software requires you to enable specific subnets for them to allow the computer to talk with them.

Author Comment

by:laratech
ID: 24772867
I have rebooted the firewall a couple of times but it's no different. The gateway address IS the firewall LAN IP, yes.

Not sure about the gateway settings as you tend not to notice these things until they don't work but I guess if I can ping that address then you are probably right.

Nothing has changed client side whatsoever, this is a real bummer as we only have hardware support on the box too...

I shall reboot it again and see what happens this time (that will make everybody happy :))

Expert Comment

by:Korbus
ID: 24772901
Have you tried this?:
Clear the firewall logs.
Ping an internal LAN IP address via the VPN.
Ping the gateway address via the VPN.
Check the firewall logs.

Can you see where the traffic is being stopped in the internal LAN ping?

Author Comment

by:laratech
ID: 24772908
The Watchguard is also showing packets sent and received on the session I am using to test?

Author Comment

by:laratech
ID: 24772921
Firewall logs on the client or the Watchguard, as I don't know where they are on the client and I do not have a logging server set up on the LAN :(?

Author Comment

by:laratech
ID: 24772993
Reboot made no difference...

Expert Comment

by:Korbus
ID: 24773086
Sorry I was not clear.
I meant check the logs of the Watchguard firewall itself. Do the pings from the VPN client's IP get forwarded to the internal LAN IP you can't ping properly? Or do they get blocked? (We know the traffic between the VPN client and the Watchguard works, so you can mostly ignore that traffic in the log.)

I'm not familiar with Watchguards, but it probably can capture or log this traffic somehow. You may need to adjust its "what gets logged" settings, if Watchguard has those.


Accepted Solution

by:laratech
ID: 24792311
It seems my Firebox is faulty and I am being sent a replacement....

Thanks for your help anyway Korbus