[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 657
  • Last Modified:

Sonicwall

Hello all this is going to take a big of time to explain but I want to put as many if not all the facts here.

I have a  Sonicwall TZ210 with the latest firmware

I have it configured for the Internet and 2 LAN subnets

I have a Site to site VPN that works fine, it connects to a remote subnet of 192.168.10.X

I have a GVC VPN setup and connects with no problem, I am using LDAP from the server so that user can connect to the VPN with their Domain user name and account.

I have the DHCP setup to my Domain controller and I get all the info from it. IP Address, subnet, DNS Server, 2 of which are my internal ones.  So the IP address I get when I connect to the VPN is 10.10.10.X subnet, the same as the internal subnet.

The 2 subnets that I have on 2 different subnets are 192.168.168.X and 10.10.10.X on 2 different interface.

Ok this is what I can do:

I can connect to the sonicwall with the GVC
I can Ping the 192.168.168.1 (Sonicwall address X2)
I can Ping the 10.10.10.1 (sonicwall address X0)
I can ping anything on the old subnet 192.168.168.X
I can ping anything on the other side of the site to site vpn 192.168.10.X no problem
I can resolve DNS on everything in the network

I can ping all my other server (10 total) but this is where it gets tricky some I ping and I get 1 response only then it times out, I will ping again and again only one response. Other servers I can ping –t and they will always respond to me. NOW that being said it changes every time I log on with the VPN client sometime 10.10.10.20 will ping fine and then the next time I connect I can only get 1 ping and it times out. I will then disconnect and reconnect the VPN client and will not be able to get more than one ping from the servers I was previous able to ping with no problem and then other server that I could only ping once the connection before I can ping with no issues.

Also as long as I am not on the 10.10.10.X subnet I can ALWAYS ping the IP address and resolve DNS to the 192.168.168.X and the 192.168.10.X subnet (this subnet is over the site to site vpn).

I have looked at my logs and they give me nothing, I have search the Internet and gotten nothing, so anything you guy can do to help would be great.
0
maxeyb
Asked:
maxeyb
  • 4
1 Solution
 
maxeybAuthor Commented:
BTW my remote subnet that I am coming in from is 192.168.36.X

Thanks
Bill
0
 
S00007359Commented:
2 THINGS;
1) ensure that your site to site vpn's have the same mtu size
2) there is no packet inspection on the traffic

routing for the two sites [subnets] are configured okay

ping and dns are allowed through the subnets

if you establish a vpn connection, ensure that you vpn connection is not setup for default gaetway metric.

cheers
0
 
maxeybAuthor Commented:
Hello,

I just want to make sure everyone is aware I am having NO issue with the site to site VPN it works perfectly. The issue that I am having is with the GVC I connect ok I am able to ping the Sonicwall the old subnet 192.168.168.X and the Subent on the far side of the site to site VPN with no issue but once I try to ping my servers it is a coin toss. One time I will be able to get to the DC and not the Web server. The next time I won't be able to get to the DC but I can connect to the Web Server. Some Server I can ping with no problem and RDP and other I ping once and the it times out.

Now I think I have narrowed it down to either a switch issue or that I have the old subnet (I am running 2 different internal subnets that might be causing the problem). This weekend I had disconnected the old subnet from the switch and remoted in and everthing worked great. I am think that is my main issue but I also have a managed switch that is dying and will have a replacement tomorrow.

BTW as a answer to your other question. The MTU is the same size and Packet inspection is not turned on.

Thanks for the reply I will update this ticket once I have the new switch installed.


Thanks
Bill
0
 
maxeybAuthor Commented:
Ok so I know what the problem was on how it was configured, it seems having 2 different subnets on the same sonicwall interfered with each other not allow access to the 10.10.10.X subnet, I still don't know how to fix THIS issue, so what I did was move everything I had on the old subnet of 192.168.168.x and remove the interface from the sonicwall. Once I did that I had no issues with the new subnet of 10.10.10.X.
0
 
maxeybAuthor Commented:
I never had to much input into this question and in the end I had to move everything to one subnet to make it work.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now