• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 640
  • Last Modified:

No Internet Access with SnapGear 720

A client has a Snapgear 720 and it has stopped accessing the network at their main office.  From what they told me, it started several days ago when the internet would stop working and then start working after a few minutes.  This repeated several times an hour.  Now there is no internet at all.
They have two remote offices with Snapgear 560 that are setup as VPN.  They also have a VoIP phone system.  When the internet goes down at the main office, the VPN connections and Internet are still good at the remote offices, but the phones at the remote offices are down (not at the main office).
I was on the phone with Snapgear support for over two hours and nothing was resolved.
Troubleshooting:
The LAN address of the router is 192.168.0.1
From a workstation, I am able to ping Google and external IP addresses.
I connected a workstation directly to the router LAN port and it was still not able to connect (a couple of times it connected but very slow and was not able to download all the web page items).

The system log has many errors that begin with:
"proxy80[116]: Unable to connect to http://www..."  www is followed by the address it tried to connect to.

One thing I noticed is that under Access Control only Internet is enabled and it has a "Web Proxy Port" set as 81.  I'm not sure if this is an issue (it is set to 81 on the remote Snapgear devices as well).

As far as I know, nothing was changed on the network.  I am not familiar with their setup so I am kind of flying blind here.  

My understanding is that their phones are on a 192.168.1.0/24 subnet.  There is a Snapgear 560 at the main office connected to the E port of the 720.  
The E port is configured as:
LAN, Static, 192.168.1.1, Gateway: 192.168.1.2, DNS: 192.168.1.2.

Needless to say, this is critical.  I don't know what other information is needed to assist with the resolution.
BTW, RDP also works fine.  They have a Windows 2003 R2 server.  It is a DC and a terminal server.
0
beyondt
Asked:
beyondt
  • 8
  • 7
1 Solution
 
Patmac951Commented:
For testing purposes on one of the computers have you tried to remove/bypass the Proxy address?  This could also be a DNS issue, for testing purposes on one computer you could assign a static IP address along with a static DNS that is outside your network, you could use 4.2.2.2 for testing.  Then see if you can browse the internet.

Secondly on one of the computers if you could go to a command prompt and type the following command then post the results that would be helpful in troubleshooting this problem.

The command is: ipconfig /all
0
 
beyondtAuthor Commented:
I need to go on site to work on this.  I will be there in about an hour.  I'll reply and hopefully we can work on this.
Thanks
0
 
Patmac951Commented:
Ok.  I should be around my office for the next couple of hours.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
beyondtAuthor Commented:
Hi,

Here are two IPCONFIG's.  One is the Static and the other is the DHCP.
STATIC: I was able to browse with the DNS set to 4.2.2.2.  But it was painfully slow.
I see one major problem with the DHCP: The DHCP, Gateway and DNS are all pointing to 192.168.0.200.  From what they are telling me, that is the Nortel phone system.  The Snapgear is 192.168.0.1, which should be at least the DHCP and Gateway.  The DNS should be the Domain Controller (192.168.0.2).  At least I assume that is the case since this is a domain and DNS is, in fact running on the server (Windows 2003 R2).

I am going to test a static IP with the .0.1 s the DNS and see what happens.
IPCONFIG-1.txt
0
 
Patmac951Commented:
Ok so again for testing purposes set a static IP address on the NIC and use 192.168.0.1 (SnapGear) as the gateway and set a static DNS to 192.168.0.2 (Domain Controller running DNS) and then try to browse the internet.

It appears you might have two DHCP servers installed on the network and this could be causing your problems.  The DHCP for the phone system should only be accessed by the VOIP phones.
0
 
beyondtAuthor Commented:
I anticipated your request.  When using 0.2 as DNS, I was able to browse, it was very slow again, but possibly marginally faster that using 4.2.2.2.  While connected via 0.2, I went to Speedtest.net, but got a latency error.

I am wondering if there is a bandwidth issue...  Is there a way to see the amount of traffic?
0
 
beyondtAuthor Commented:
I did a trace rout to Google (attached).  It seems like the response time is reasonable.
IPCONFIG-1.txt
0
 
Patmac951Commented:
I am not very familiar with the SnapGear interface but if you were getting a latency error while running a speed test you could definitely be experiencing a high traffic volume.  Within the SnapGear there should be some sort of log views or real time traffic monitoring.

Or you could use a product like Solar Winds:
http://www.solarwinds.com/downloads/

If seems like you have the unable to browse the internet issue under control, this appears to be a DHCP issue where the computers are picking up the Phone system as the DHCP server and that is why they are unable to browse.  Having two DHCP servers on the same network can be very trouble some.  Now it appears you are having problems with speed when browsing the internet.  How many computers are at this location?
0
 
beyondtAuthor Commented:
There are only about 15 computers at the main location.  And, since they can't browse, they should not be taking up andy bandwidth.  The Telepacific tech said that there was a 30% usage (I belive he said it was upload) after hours, when the place is shut down.   Very curious...
0
 
Patmac951Commented:
If there are only 15 computers and without effecting the Phone system DHCP you might want to consider assigning static IP addresses to all the computer and use the SnapGear 192.168.01 as the gateway and the Domain controller 192.168.0.2 as the DNS server.  This should at least solve your browsing issues for the time being.

The after hours uploads could be application or OS updates that are scheduled to be pushed out to each computer. As far as the slow browsing try to run a speed test from this site and let me know what the download and upload speeds are. http://www.bandwidthplace.com/
0
 
beyondtAuthor Commented:
I am changing the workstation IPs to static.  It has very little effect, but they are intermitantly getting on the web.  A quick question: I just noticed that the server C drive has less than 1GB on a 38GB drive.  Do you think that would have anything to do with this?

Thanks
0
 
Patmac951Commented:
So changing the client computers to static IP addresses does not fix the internet browsing issue?  Even with static IP's they still have a problem browsing the internet?  If this is the case DNS does not appear to be the issue.

I need to read all of our posts again in detail because after glancing at them I am little confused, when the computers are set for DHCP they get the address from 192.168.0.200 (DHCP Server) and you say that is the phone system. But in your initial post you said port E on the Snapgear was set for the phone system was at the network 192.168.1.0/24
So what device is 192.168.0.200?  Can you ping 192.168.0.200?  For testing purposes if you shutdown the phone system can you still ping 192.168.0.200

I wish I had more time to analyze your initial posts and all your replies but I have dinner plans with friends and have to leave right now.  From your initial post it sounds like it was working fine just a few days ago then it stopped working, you have to determine what changed on the network from when it was working to when it stopped working.  I will be around tomorrow morning between 7:00am and 10:00am PST United States and will check my email.  However there maybe another expert on this site that can help you in the meantime....if this is extremely urgent you might want to repost the question as new.  

0
 
beyondtAuthor Commented:
I assumed that the Snapgear device connected to port E was the phone system, but I actually don't know why is is there.  Some of the printers have a 192.168.1.x IP address and they are being used by the 192.168.0.x computers.
When browsing to the ip address 192.168.0.200, the phone system login screen opens.  I find it strange that the phone system and the computers would be on the same subnte, although I don't know enough about VoIP to judge.

The person who installed the phones is supposed to contact the client today.  I hope he can resolve this.  I will update you. Please offer and other input you might have.
0
 
beyondtAuthor Commented:
So, it turns out that the major problem seems to have been a Packet Filter Input Rule which accepted any service from any destination to any source.  Disabling that rulle and some other items that were not needed, seemed to have resolved the problem.  Once the desktop IPs are set to the proper parameters, browsing is normal.  Now I need to inform the Phone tech that the Nortel switch needs to have it's DHCP disabled.

Thamks for your input, support and patience!

Bill
0
 
Patmac951Commented:
Bill,

I am glad you got it resolved.  Sorry for not getting back to the post earlier I have been at clients all day.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

  • 8
  • 7
Tackle projects and never again get stuck behind a technical roadblock.
Join Now