Solved

Sonicwall

Posted on 2012-03-28
Last Modified: 2012-06-27
Hello all, this is going to take a bit of time to explain, but I want to put as many, if not all, of the facts here.

I have a Sonicwall TZ210 with the latest firmware.

I have it configured for the Internet and 2 LAN subnets

I have a Site to site VPN that works fine, it connects to a remote subnet of 192.168.10.X

I have a GVC VPN set up and it connects with no problem. I am using LDAP from the server so that users can connect to the VPN with their domain user name and account.

I have the DHCP set up to my domain controller and I get all the info from it: IP address, subnet, DNS servers, 2 of which are my internal ones. So the IP address I get when I connect to the VPN is on the 10.10.10.X subnet, the same as the internal subnet.

The 2 subnets that I have on 2 different subnets are 192.168.168.X and 10.10.10.X on 2 different interfaces.

Ok this is what I can do:

I can connect to the sonicwall with the GVC
I can Ping the 192.168.168.1 (Sonicwall address X2)
I can Ping the 10.10.10.1 (sonicwall address X0)
I can ping anything on the old subnet 192.168.168.X
I can ping anything on the other side of the site to site vpn 192.168.10.X no problem
I can resolve DNS on everything in the network

I can ping all my other servers (10 total), but this is where it gets tricky: some I ping and I get 1 response only, then it times out. I will ping again, and again only one response. Other servers I can ping -t and they will always respond to me. Now, that being said, it changes every time I log on with the VPN client: sometimes 10.10.10.20 will ping fine, and then the next time I connect I can only get 1 ping and it times out. I will then disconnect and reconnect the VPN client and will not be able to get more than one ping from the servers I was previously able to ping with no problem, and then other servers that I could only ping once the connection before I can ping with no issues.

Also as long as I am not on the 10.10.10.X subnet I can ALWAYS ping the IP address and resolve DNS to the 192.168.168.X and the 192.168.10.X subnet (this subnet is over the site to site vpn).

I have looked at my logs and they give me nothing. I have searched the Internet and gotten nothing, so anything you guys can do to help would be great.
Question by:maxeyb

Author Comment

by:maxeyb
ID: 37780188
BTW my remote subnet that I am coming in from is 192.168.36.X

Thanks
Bill

Expert Comment

by:S00007359
ID: 37785022
2 THINGS;
1) ensure that your site to site vpn's have the same mtu size
2) there is no packet inspection on the traffic

routing for the two sites [subnets] are configured okay

ping and dns are allowed through the subnets

if you establish a vpn connection, ensure that your vpn connection is not set up for default gateway metric.

cheers

Author Comment

by:maxeyb
ID: 37798967
Hello,

I just want to make sure everyone is aware I am having NO issue with the site to site VPN; it works perfectly. The issue that I am having is with the GVC. I connect OK, and I am able to ping the Sonicwall, the old subnet 192.168.168.X, and the subnet on the far side of the site to site VPN with no issue, but once I try to ping my servers it is a coin toss. One time I will be able to get to the DC and not the Web server. The next time I won't be able to get to the DC but I can connect to the Web server. Some servers I can ping with no problem and RDP to, and others I ping once and then it times out.

Now I think I have narrowed it down to either a switch issue or that I have the old subnet (I am running 2 different internal subnets that might be causing the problem). This weekend I had disconnected the old subnet from the switch and remoted in and everything worked great. I am thinking that is my main issue, but I also have a managed switch that is dying and will have a replacement tomorrow.

BTW, as an answer to your other question: the MTU is the same size and packet inspection is not turned on.

Thanks for the reply I will update this ticket once I have the new switch installed.


Thanks
Bill

Accepted Solution

by:
maxeyb earned 0 total points
ID: 37898701
OK, so I know what the problem was in how it was configured: it seems having 2 different subnets on the same Sonicwall interfered with each other, not allowing access to the 10.10.10.X subnet. I still don't know how to fix THIS issue, so what I did was move everything I had on the old subnet of 192.168.168.x and remove the interface from the Sonicwall. Once I did that I had no issues with the new subnet of 10.10.10.X.

Author Closing Comment

by:maxeyb
ID: 37913871
I never had too much input into this question, and in the end I had to move everything to one subnet to make it work.

Question has a verified solution.