One way traffic over a hardware VPN
Main Site:
Bonded T-1 (3MB)
Watchgurard Firewall (550e)
Small Business Server 2003 with Exchange 2003 Fully patched
35 workstations joined to domain
Site 2 (good working condition through hardware VPN)
Cable (6MBx1MB)
Watchguard Firewall(x10e-w)
5 workstations joined to main site domain
Site 3 (One way traffic through hardware VPN)
Cable (6MBx2MB) Different company than 2nd site)
Watchguard Firewall (x10e-w)
Small Business Server 2003 no Exchange 2003 fully patched
4 workstations joined to domain
I can get to the SBS server from site 3 through Outlook connected to exchange and also to file shares.
I cannot remote into a PC at site 3 from the main site. I can, however, remote into a PC at the main site from site 3.
Also, I cannot ping from the main site to site 3.
The reason for the ping failure alternates between two statements:
Reply from 192.168.0.1: Destination host unreachable
Request timed out.
Reply from 192.168.0.1: Destination host unreachable
Request timed out.
Any help would be greatly appreciated.
Bonded T-1 (3MB)
Watchgurard Firewall (550e)
Small Business Server 2003 with Exchange 2003 Fully patched
35 workstations joined to domain
Site 2 (good working condition through hardware VPN)
Cable (6MBx1MB)
Watchguard Firewall(x10e-w)
5 workstations joined to main site domain
Site 3 (One way traffic through hardware VPN)
Cable (6MBx2MB) Different company than 2nd site)
Watchguard Firewall (x10e-w)
Small Business Server 2003 no Exchange 2003 fully patched
4 workstations joined to domain
I can get to the SBS server from site 3 through Outlook connected to exchange and also to file shares.
I cannot remote into a PC at site 3 from the main site. I can, however, remote into a PC at the main site from site 3.
Also, I cannot ping from the main site to site 3.
The reason for the ping failure alternates between two statements:
Reply from 192.168.0.1: Destination host unreachable
Request timed out.
Reply from 192.168.0.1: Destination host unreachable
Request timed out.
Any help would be greatly appreciated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I will check that out tmoore1962 and get back to you.
Any chance SBS at site 3 has 2 NIC's?
ASKER
RobWill,
There are two NICs in the Site 3 SBS server but one of them is disabled.
Just to clarify,
All VPNs are up and the main router shows Rx and Tx for both remote sites.
The problem in it's most basic form is that I can't get to site 3 from the main office.
Why would traffic only flow one way when I have configured site 3 like site 2 in every way except, obviously the lan?
There are two NICs in the Site 3 SBS server but one of them is disabled.
Just to clarify,
All VPNs are up and the main router shows Rx and Tx for both remote sites.
The problem in it's most basic form is that I can't get to site 3 from the main office.
Why would traffic only flow one way when I have configured site 3 like site 2 in every way except, obviously the lan?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
It has to be a routing issue. Since you are getting a destination unreachable. Try a pathping from 1 to 3, I am assuming that the router in site 1 is also the firewall for the site. check the acl's very very carefully. The ACL can look correct but any little syntax will prevent them from working. FIREWALL DENY by default.
Double check your IPSec tunnels in the Watchguard configuration. I suspect a syntax error there will also impede traffic in one direction.
ASKER
tmoore1962,
My main watchguard reports a destination host unreachable when I try pathping to site 3.
Pathping works fine from main to site 2. (131 ms and 100%)
My main watchguard reports a destination host unreachable when I try pathping to site 3.
Pathping works fine from main to site 2. (131 ms and 100%)
ASKER
tmoore1962,
The tunnels are identical minus the IPs. And as I stated before the tunnels are up and Tx, Rx show bytes being transfered.
I am going to give Watchguard a call and see if they have any insight into the issue also.
Thanks for your continued help.
The tunnels are identical minus the IPs. And as I stated before the tunnels are up and Tx, Rx show bytes being transfered.
I am going to give Watchguard a call and see if they have any insight into the issue also.
Thanks for your continued help.
ASKER
It turned out that one of the optional networks on the main watchguard was configured with the same LAN settings as site 3. Even though I don't use the optional port on the router it must have had a defalt route that was confusing it.
Thanks for all your help!!
Thanks for all your help!!
ASKER
192.168.0.0/24
Site 2:
192.168.6.0/24
Site 3:
192.168.50.0/24