Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


PPTP Vpn connects but does not give me a default gateway

Posted on 2009-07-03
Medium Priority
Last Modified: 2012-05-07
Hello all, I have a weird problem. I have a Watchguard Firebox X1000 that has PPTP enabled and provides many Vpns for remote users. This has worked fine for ages but has suddenly stopped working for SOME users. The VPV connects fine but ipconfig /all shows an ip address is given, correct DNS but no default gateway. (to be honest, I am not even sure whether or not this has always been like this as I have never noticed before) Despite this, I can ping what should be the gateway address but no other LAN IPs. The watchguard shows the PPTP session as connected as does the windows PPTP client?

I am at a loss here as nothing has been changed and it is still working for some users??

Please help
Question by:Andrew Lee
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3

Author Comment

by:Andrew Lee
ID: 24772758
I might add that I can succesfully ping the the hostname and IP address handed out to the VPN client from within the LAN.
LVL 10

Expert Comment

ID: 24772798
I assume you have reboot (power down & up), the firewall box?
It sounds like the device is not lettingthe vpn traffic go past it into the LAN.  Is the gateway address that you CAN ping, the firewall itself?

I wouldn't think you need the gateway setting for a vpn connection.
Has anything changed on the client computers?  Perhaps new AV&firwall software?  Sometimes, firewall software requires you to enable specific subnets for them to allow the computer to talk with them.

Author Comment

by:Andrew Lee
ID: 24772867
I have rebooted the firewall a couple of times but it's no different. The gateway address IS the firewall LAN IP, yes.

Not sure about the gateway settings as you tend not to notice these things until they don't work but I guess if I can ping that address then you are probably right.

Nothing has changed client side whatsoever, this is a real bummer as we only have hardware support on the box too...

I shall reboot it again and see what happens this time (that will make everybody happy :))
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

LVL 10

Expert Comment

ID: 24772901
Have you tried this?:
Clear the firewall logs.
Ping an internal LAN IP address via the vpn.
Ping the gateway address via the vpn.
Check the firewall logs.

Can you see where the traffic is being stopped in the internal LAN ping?

Author Comment

by:Andrew Lee
ID: 24772908
The watchguard is also showing packets sent and received on the session I am using to test?

Author Comment

by:Andrew Lee
ID: 24772921
Firewall logs on the client or the Watchguard as I don't know where they are on the client and I do not have a logging server set up on the Lan :(?

Author Comment

by:Andrew Lee
ID: 24772993
Reboot made no difference...
LVL 10

Expert Comment

ID: 24773086
Sorry I was not clear.
I meant check the logs of the watchguard firewall itself.  Do the pings from the vpn clients IP, get forwarded to the internal lan IP you can't ping properly?  Or do they get blocked?  (we know the traffic between the VPN client, and the watchguard works- so you can mostly ignore that traffic in the log.)

I'm not familiar with watchguards, but it probably can caputre or log this traffic somehow.  You may need to adjust it's "what gets logged" settings, if watchguard has those.


Accepted Solution

Andrew Lee earned 0 total points
ID: 24792311
It seems my firebox is faulty and I am being sent a replacement....

Thanks for your help anyway Korbus

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Using Windows 2008 RRAS, I was able to successfully VPN into the network, but I was having problems restricting my test user from accessing certain things on the network.  I used Google in order to try to find out how to stop people from accessing c…
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question