Solved

Sonicwall SSL VPN users sometimes experience frequently lost connections

Posted on 2010-09-02
10
582 Views
Last Modified: 2012-05-10
We have a Sonicwall SSL-VPN 2000 running version SonicOS SSL-VPN 4.0.0.0-16sv that serves typically four to six people at once. Occassionally, I get a call saying that the user is in a connect/disconnect loop with the device. I see nothing unsual about the device, other users might be connected persistenly at the same time.

It happens enough that I wonder if something is configured wrong on the systems side. I cannot find much on the knowledgebase or from tech support, or from Google on such an issue. Thought I would try this forum for suggestions or advice. The users are connecting the netextender client on Vista.

There are some properties settings such enable/disable use TCPv6 that I wonder if anyone has experimented with. I have also started asking users to enable and send their debug log.--I can't see much in the system debug log.
0
Comment
Question by:rzup
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
10 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 33588949
I see what you mean.  I found something about Ubuntu having some issues and a solutioin for that loop, but can't find much of anything else.  There is a long drawn out forum thread where they've experienced your exact issue, but no solution has emerged.  Have you tried to uninstall the Netextender client completely?  Since the original installation, have you gone through a firmware and subsequent client upgrade?  Is it only one user?
0
 
LVL 1

Author Comment

by:rzup
ID: 33590657
Different users have reported this. Most users are happy and have no problems.. I have not asked anyone to resinstall--I might try that next.. The firmware was upgraded a few months ago, but this complalint, though intermittent, spans several firmware patches.
It's just enough users to make me suspect something systemic rather than isolated issues. Also, if they keep trying for awhile, they eventually get connected for good. So, for example, I might have  a user complain at 9am that she has spend an hour getting knocked off every few minutes. In the course of communicating, maybe by 10: 30 she connects and is happy from then on. Suggesting that the client is fine.
Users insist their network connection is good and nothing else is affected.
Thanks.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33590803
I would assume if it was something hardware related, then it would affect everyone at once and occur more often.  I'm of the mind that the client needs to be removed and the current version that's installed from the ssl-vpn installed.  I'd do it on one user and wait it out.

This sounds almost like a misconfigured MTU.  Are you using this appliance in conjuction with a sonicwall UTM appliance?  If so, do you use the GVC with the UTM?  You might consider looking at this article I posted that walks through setting this.

http://www.experts-exchange.com/viewArticle.jsp?aid=3110
0
Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

 
LVL 1

Author Comment

by:rzup
ID: 33591233
We do not use UTM. That is a very interesting post and configuraiton. I'm reviewing those settings now. Thanks.
0
 
LVL 1

Author Comment

by:rzup
ID: 33591281
It doesn't look like this model has an "Advanced Tab" within the interfaces configuraiton.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33591431
Oh...my MTU suggestion was meant for the Cisco, but perhaps you haven't deployed the ssl-vpn through your firewall.  Do you have the SSL-VPN connected directly to the Internet?  One of the configurations of the SSL-VPN appliance is to have it go through a Sonicwall firewall (or UTM).  Which deployment method are you using?

http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=6122
0
 
LVL 1

Author Comment

by:rzup
ID: 33591486
Ours is deployed directly to the Internet--it has an interface with a public IP versus being behind our firewall.
0
 
LVL 33

Accepted Solution

by:
digitap earned 250 total points
ID: 33591511
Hmmm...I think I'm going to stick with the client theory for now.
0
 
LVL 1

Author Closing Comment

by:rzup
ID: 33939080
It seems the client rebooting his or her wireless router solves the issue. Still not certain why.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33939911
Restarts are quite overlooked...i guess they are too simple and we think it HAS to be a solution that is more complex...>GRIN<!  Thanks for the points!
0

Featured Post

The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question