Have to PING to establish connection to other side of the VPN Tunnel
Hi,
I have two physical sites. Site A and Site B. Both sites have different Private IP schemes. Site A has Domain Controller + Exchange Server 2003 and also has an ISA 2006 server. Site B also has an ISA 2006 server. The ISA server's in both sites make a PPTP site to site VPN. However, Site A actually has a SonicWALL device which is default gateway for all LAN. So for VPN, a reverse route has been added onto SonicWALL.
For some strange reason, everyday, any domain user that starts her work in Site B, has to PING the server before her Outlook can get connected to the Exchange Server. Similar is the case for any other server. First PING, then any other transport will follow, like Remote Desktop etc.
Just cannot understand what is wrong here. DNS, suffixes etc. is all fine and working.
Please help me understand this scenario.
I have two physical sites. Site A and Site B. Both sites have different Private IP schemes. Site A has Domain Controller + Exchange Server 2003 and also has an ISA 2006 server. Site B also has an ISA 2006 server. The ISA server's in both sites make a PPTP site to site VPN. However, Site A actually has a SonicWALL device which is default gateway for all LAN. So for VPN, a reverse route has been added onto SonicWALL.
For some strange reason, everyday, any domain user that starts her work in Site B, has to PING the server before her Outlook can get connected to the Exchange Server. Similar is the case for any other server. First PING, then any other transport will follow, like Remote Desktop etc.
Just cannot understand what is wrong here. DNS, suffixes etc. is all fine and working.
Please help me understand this scenario.
Suliman Abu Kharroub
does nslookup returns answers from site B ?
Some devices will drop the VPN due ti inactivity. I recommend checking for a VPN keep-alive or timeout setting. The VPN will be re-established automatically but unless you have a pay-per-usage connection there's not much reason to let it drop.
A quick alternative would be to setup a connectivity verifier in the ISA gui that checks for the service availability. This is also often used as the keepalive packet.
ASKER
NSLookup (when done from Site B) does return results from site A. Reverse isnt' required as the main AD, DNS and Exchange are in Site A. We have an ADC in Site B configured with DNS Secondary zone. That is not an issue.
See, when I do e.g. "ping DC.SiteA.com" from Site B, it immediately works and returns results. Along with the results, outlook starts working as well. I have tested it even after doing "IPConfig /flushdns".
The timeout settings for Dial In and PPTP are both set to "NEVER". That should not be an issue to.
Note that earlier, we have been using IPSec VPN Tunnel and such issue didn't exist.
We discarded IPSec for some reason.
Thanks.
See, when I do e.g. "ping DC.SiteA.com" from Site B, it immediately works and returns results. Along with the results, outlook starts working as well. I have tested it even after doing "IPConfig /flushdns".
The timeout settings for Dial In and PPTP are both set to "NEVER". That should not be an issue to.
Note that earlier, we have been using IPSec VPN Tunnel and such issue didn't exist.
We discarded IPSec for some reason.
Thanks.
Of course it wouldn't - IPsec has its own keepalive.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Because none of the answers were applicable to my scenario and I found the solution completely on my own.