Have to PING to establish connection to other side of the VPN Tunnel


I have two physical sites, Site A and Site B. Both sites have different private IP schemes. Site A has a Domain Controller + Exchange Server 2003 and also has an ISA 2006 server. Site B also has an ISA 2006 server. The ISA servers in both sites make a PPTP site-to-site VPN. However, Site A actually has a SonicWALL device which is the default gateway for the whole LAN. So for the VPN, a reverse route has been added onto the SonicWALL.

For some strange reason, every day, any domain user who starts her work in Site B has to PING the server before her Outlook can connect to the Exchange Server. The same is the case for any other server: first PING, then any other transport will follow, like Remote Desktop etc.

I just cannot understand what is wrong here. DNS, suffixes etc. are all fine and working.

Please help me understand this scenario.
Asked by: Ghayur Abbas, Technical Head

Suliman Abu Kharroub, IT Consultant, Commented:
Does nslookup return answers from site B?
Some devices will drop the VPN due to inactivity. I recommend checking for a VPN keep-alive or timeout setting. The VPN will be re-established automatically but unless you have a pay-per-usage connection there's not much reason to let it drop.
Keith Alabaster, Enterprise Architect, Commented:
A quick alternative would be to set up a connectivity verifier in the ISA GUI that checks for the service availability. This is also often used as the keepalive packet.
Ghayur Abbas, Technical Head, Author Commented:
NSLookup (when done from Site B) does return results from site A. Reverse isn't required as the main AD, DNS and Exchange are in Site A. We have an ADC in Site B configured with a DNS secondary zone. That is not an issue.

See, when I do e.g. "ping DC.SiteA.com" from Site B, it immediately works and returns results. Along with the results, Outlook starts working as well. I have tested it even after doing "IPConfig /flushdns".

The timeout settings for Dial In and PPTP are both set to "NEVER". That should not be an issue either.

Note that earlier, we had been using an IPSec VPN tunnel and this issue didn't exist.

We discarded IPSec for some reason.

Keith Alabaster, Enterprise Architect, Commented:
Of course it wouldn't - IPsec has its own keepalive.
Ghayur Abbas, Technical Head, Author Commented:
Thanks all for the support. I figured out this was because of the SonicWALL. So, for the DC and other critically required servers, I added a persistent static route on each of them. This way, any client's (Outlook) packet coming from Site B to the DC (in Site A) does not have to get routed through the SonicWALL on its way back to Site B.
Ghayur Abbas, Technical Head, Author Commented:
Because none of the answers were applicable to my scenario and I found the solution completely on my own.
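
Added example, not part of the thread: a small longest-prefix-match check showing which next hop a Site A server picks for its reply to a Site B client, before and after the persistent static route described in the accepted fix. All addresses, subnets and names are constructed assumptions; none come from the thread.

```python
import ipaddress

def next_hop(routes, dest):
    """Longest-prefix match: gateway of the most specific route covering dest."""
    dest = ipaddress.ip_address(dest)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None

def return_path_report(routes, clients, tunnel_gateway):
    """For each remote client, report whether the server's reply goes
    straight to the VPN gateway or takes a detour through another hop."""
    report = {}
    for client in clients:
        hop = next_hop(routes, client)
        report[client] = "direct" if hop == tunnel_gateway else f"via {hop}"
    return report

# Constructed values (assumptions for illustration only).
SONICWALL = "192.168.1.1"      # default gateway of the Site A LAN
ISA_SITE_A = "192.168.1.10"    # Site A end of the PPTP site-to-site VPN
SITE_B_NET = "10.20.0.0/24"    # Site B private subnet
SITE_B_CLIENTS = ["10.20.0.25", "10.20.0.40"]

# Server routing table before the fix: only the local subnet and the default route.
ROUTES_BEFORE = [
    ("192.168.1.0/24", "on-link"),
    ("0.0.0.0/0", SONICWALL),
]
# After the fix: a persistent static route for Site B pointing at the ISA server.
ROUTES_AFTER = ROUTES_BEFORE + [(SITE_B_NET, ISA_SITE_A)]

if __name__ == "__main__":
    for label, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        print(label, return_path_report(table, SITE_B_CLIENTS, ISA_SITE_A))
```

A reply that leaves "via" the default gateway takes a different path from the request that arrived through the ISA server, which is the asymmetric return path the static route removes.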