Posted on 2012-03-28
Last Modified: 2012-06-27
Hello all, this is going to take a bit of time to explain, but I want to put as many, if not all, of the facts here.

I have a Sonicwall TZ210 with the latest firmware

I have it configured for the Internet and 2 LAN subnets

I have a Site to site VPN that works fine, it connects to a remote subnet of 192.168.10.X

I have a GVC VPN set up and it connects with no problem. I am using LDAP from the server so that users can connect to the VPN with their Domain user name and account.

I have the DHCP setup to my Domain controller and I get all the info from it. IP Address, subnet, DNS Server, 2 of which are my internal ones.  So the IP address I get when I connect to the VPN is 10.10.10.X subnet, the same as the internal subnet.

The 2 subnets that I have on 2 different subnets are 192.168.168.X and 10.10.10.X on 2 different interfaces.

Ok this is what I can do:

I can connect to the sonicwall with the GVC
I can Ping the (Sonicwall address X2)
I can Ping the (sonicwall address X0)
I can ping anything on the old subnet 192.168.168.X
I can ping anything on the other side of the site to site vpn 192.168.10.X no problem
I can resolve DNS on everything in the network

I can ping all my other servers (10 total), but this is where it gets tricky: some I ping and I get 1 response only, then it times out. I will ping again, and again only one response. Other servers I can ping –t and they will always respond to me. NOW, that being said, it changes every time I log on with the VPN client: sometimes it will ping fine, and then the next time I connect I can only get 1 ping and it times out. I will then disconnect and reconnect the VPN client and will not be able to get more than one ping from the servers I was previously able to ping with no problem, and then other servers that I could only ping once the connection before I can ping with no issues.

Also as long as I am not on the 10.10.10.X subnet I can ALWAYS ping the IP address and resolve DNS to the 192.168.168.X and the 192.168.10.X subnet (this subnet is over the site to site vpn).

I have looked at my logs and they give me nothing. I have searched the Internet and gotten nothing, so anything you guys can do to help would be great.
Question by:maxeyb

Author Comment

ID: 37780188
BTW my remote subnet that I am coming in from is 192.168.36.X

LVL 12

Expert Comment

ID: 37785022
1) ensure that your site to site vpn's have the same mtu size
2) there is no packet inspection on the traffic

routing for the two sites [subnets] are configured okay

ping and dns are allowed through the subnets

if you establish a vpn connection, ensure that your vpn connection is not set up for default gateway metric.


Author Comment

ID: 37798967

I just want to make sure everyone is aware I am having NO issue with the site to site VPN; it works perfectly. The issue that I am having is with the GVC: I connect OK, and I am able to ping the Sonicwall, the old subnet 192.168.168.X and the subnet on the far side of the site to site VPN with no issue, but once I try to ping my servers it is a coin toss. One time I will be able to get to the DC and not the Web server. The next time I won't be able to get to the DC but I can connect to the Web Server. Some servers I can ping with no problem and RDP, and others I ping once and then it times out.

Now I think I have narrowed it down to either a switch issue or that I have the old subnet (I am running 2 different internal subnets that might be causing the problem). This weekend I had disconnected the old subnet from the switch and remoted in and everything worked great. I am thinking that is my main issue, but I also have a managed switch that is dying and will have a replacement tomorrow.

BTW, as an answer to your other question: the MTU is the same size and Packet inspection is not turned on.

Thanks for the reply I will update this ticket once I have the new switch installed.


Accepted Solution

maxeyb earned 0 total points
ID: 37898701
OK, so I know what the problem was in how it was configured: it seems having 2 different subnets on the same Sonicwall interfered with each other, not allowing access to the 10.10.10.X subnet. I still don't know how to fix THIS issue, so what I did was move everything I had on the old subnet of 192.168.168.x and remove the interface from the Sonicwall. Once I did that I had no issues with the new subnet of 10.10.10.X.

Author Closing Comment

ID: 37913871
I never had too much input into this question and in the end I had to move everything to one subnet to make it work.
