  • Status: Solved
  • Priority: Medium
  • Security: Public

Strange Site to Site VPN problem

Hi

I have several site to site VPN tunnels set up between a RV042 and several Vigor2820 routers at remote sites.

I also have a web application running on a Server in the home office site.

On the RV042 all web traffic is forwarded to the internal LAN IP of the PC hosting the web App.

External users can get to the web app by entering the external IP of the home office site.

At site one I have a Vigor2820n and a site to site VPN tunnel set up with the home office RV042. With this connected, users can access the web app either via the external IP of the home office site or the internal IP of the host Server, since it is connected through the VPN. This works how it should.

At site two I have a Vigor2820 (slightly older version). When I connect the site to site VPN tunnel, users can no longer connect to the web app using the external IP but can connect using the internal IP via the VPN; if I disable the tunnel, the user can connect to the web app using the external address again.

I have thought about updating the firmware on the older Vigor2820 but it is at a remote site, so I am not too keen to do this until I am back there.

Does anyone have any ideas what might be causing the issue?

Thanks
0
Asked by: compbuild
1 Solution
 
ComsycoCommented:
If you can access the Vigor 2820 remotely (without a VPN) I would suggest scrapping the VPN config and setting it up again at both ends, making sure to mirror the settings you have on the working device. Not sure what else to advise on this one; if the settings are the same, external IPs shouldn't get blocked by starting a VPN...
0
 
compbuildAuthor Commented:
Just deleted and re-added the site to site VPN, still the same issue, very strange
0
 
ComsycoCommented:
The 2820's.. are they routers as well or are they configured just as firewalls?
0

 
compbuildAuthor Commented:
They are routers and DHCP servers for the LANs
0
 
shadowmantxCommented:
Check the site 2 Vigor for routing of internet traffic. Perhaps you have routed all internet traffic to the other VPN site, because when you disable the tunnel it will force all traffic to the internet and then the external IP works.
0
 
ComsycoCommented:
I'm running out of suggestions... Apart from upgrading the firmware or trying a spare vigor if you have any for the remote site.
0
 
compbuildAuthor Commented:
The internet traffic isn't being routed through the VPN as far as I can tell, it shouldn't matter anyway because at the main site the user can use the internal or external IP address to access the Application.

Thanks for the input I appreciate it is a strange problem, I may have to wait until I can visit the site again to update the firmware and run some other tests
0
 
ComsycoCommented:
Do you have support or contacts at Draytek or your supplier that might be able to shed some light on this problem?
0
 
compbuildAuthor Commented:
I tried Draytek support but no help from them as yet. Just to update, I am trying to hit the web app with a domain name we have registered, like

webapp.companyname.co.uk

I can ping this OK with the VPN connected but it will not display the page in Internet Explorer. This domain name resolves to our domain registration company's IP and not the IP of my home site
0
 
ComsycoCommented:
You don't have host file entries in for this, or a strange DNS setup that could be trying to connect to something over the VPN when it's live, but when not connected fails over and works?
0
 
compbuildAuthor Commented:

Thanks for the input Comsyco

I have some host file entries for other servers in the home site, but they shouldn't affect it and I just tried it with the host file entries removed and the same issue persists.

Looking at an ipconfig /all, the DNS settings remain the same whether the VPN is active or not
0
 
ComsycoCommented:
What if you create a host entry for your webapp host name and see if it will work when forced to a certain IP?
0
 
compbuildAuthor Commented:
I gave it a try but the result is the same. The address resolves to the IP address in the status bar of IE, so it is getting the correct IP, which makes me think it isn't a DNS problem
0
 
ComsycoCommented:
Fair enough. Could be routing, but I don't have access to any Drayteks anymore (we swapped them all out for SonicWALLs) so cannot even check where the settings might be for routing. Try the firmware next time you can and let me know how you get on. I think that is the next step to try.
0
 
compbuildAuthor Commented:
Just tried a tracert from both sites. From the non-working site it isn't getting past the Draytek, so it looks like it doesn't know how to route given the IP for the webapp and the VPN are the same. Must be some setting in there; I will keep looking. Thanks for your input so far.

0
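The tracert comparison described in the post above, as an added example that is not part of the original thread: a small Python parser for Windows `tracert` output that reports where a trace stops answering. The two sample traces, all addresses (documentation ranges) and the function names are constructed for illustration.

```python
import re

# Constructed tracert output; addresses are placeholders, not values from the thread.
WORKING_SITE = """\
Tracing route to 203.0.113.10 over a maximum of 30 hops

  1     1 ms    <1 ms     1 ms  192.168.1.1
  2    12 ms    11 ms    12 ms  198.51.100.1
  3    25 ms    24 ms    26 ms  203.0.113.10

Trace complete.
"""
FAILING_SITE = """\
Tracing route to 203.0.113.10 over a maximum of 30 hops

  1     1 ms    <1 ms     1 ms  192.168.2.1
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
TARGET = re.compile(r"Tracing route to .*?\b(" + IPV4 + r")")
HOP = re.compile(r"^\s*(\d+)\s+(.*)$")
HOP_ADDR = re.compile(r"\b(" + IPV4 + r")\]?\s*$")  # bare IP or "name [IP]"

def parse_tracert(text):
    """Return (target_ip, [(hop_number, address or None for a timeout), ...])."""
    target, hops = None, []
    for line in text.splitlines():
        if (m := TARGET.search(line)):
            target = m.group(1)
        elif (m := HOP.match(line)):
            addr = HOP_ADDR.search(m.group(2))
            hops.append((int(m.group(1)), addr.group(1) if addr else None))
    return target, hops

def diagnose(text, local_gateway):
    """Say where the path ends; local_gateway is the site router's LAN address."""
    target, hops = parse_tracert(text)
    answered = [(n, a) for n, a in hops if a]
    if not answered:
        return "no hop answered"
    last_hop, last_addr = answered[-1]
    if last_addr == target:
        return "reached target"
    if last_addr == local_gateway:
        return "stops at local gateway"
    return f"stops after hop {last_hop} ({last_addr})"

if __name__ == "__main__":
    print("working site:", diagnose(WORKING_SITE, "192.168.1.1"))
    print("failing site:", diagnose(FAILING_SITE, "192.168.2.1"))
```

A trace that stops at the local gateway points at the site router's own forwarding decision rather than at DNS or the far end.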
 
ComsycoCommented:
No problem, sorry I couldn't be of more help. I used to use Vigors a lot but I don't have a single one that I can access anymore... sorry! :-/
0
 
chaseturboCommented:
Do the Vigors have split tunneling for internet traffic... if so, use that configuration to separate traffic flow.
0
 
compbuildAuthor Commented:
Just to update, I have managed to update the firmware on the router and this has solved the issue.

Thanks to all for your input
0
 
compbuildAuthor Commented:
Firmware update solved the problem
0
