  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 657


Hello all, this is going to take a bit of time to explain, but I want to put as many, if not all, of the facts here.

I have a Sonicwall TZ210 with the latest firmware.

I have it configured for the Internet and 2 LAN subnets

I have a Site to site VPN that works fine, it connects to a remote subnet of 192.168.10.X

I have a GVC VPN set up and it connects with no problem. I am using LDAP from the server so that users can connect to the VPN with their Domain user name and account.

I have the DHCP set up to my Domain controller and I get all the info from it: IP address, subnet, DNS servers, 2 of which are my internal ones. So the IP address I get when I connect to the VPN is on the 10.10.10.X subnet, the same as the internal subnet.

The 2 subnets that I have are 192.168.168.X and 10.10.10.X, on 2 different interfaces.

Ok this is what I can do:

I can connect to the sonicwall with the GVC
I can Ping the (Sonicwall address X2)
I can Ping the (sonicwall address X0)
I can ping anything on the old subnet 192.168.168.X
I can ping anything on the other side of the site to site vpn 192.168.10.X no problem
I can resolve DNS on everything in the network

I can ping all my other servers (10 total), but this is where it gets tricky: some I ping and get 1 response only, then it times out. I will ping again and again and get only one response. Other servers I can ping -t and they will always respond to me. NOW, that being said, it changes every time I log on with the VPN client: sometimes a server will ping fine, and then the next time I connect I can only get 1 ping before it times out. I will then disconnect and reconnect the VPN client and will not be able to get more than one ping from the servers I was previously able to ping with no problem, and the other servers that I could only ping once the connection before I can now ping with no issues.

Also as long as I am not on the 10.10.10.X subnet I can ALWAYS ping the IP address and resolve DNS to the 192.168.168.X and the 192.168.10.X subnet (this subnet is over the site to site vpn).

I have looked at my logs and they give me nothing. I have searched the Internet and gotten nothing, so anything you guys can do to help would be great.
1 Solution
maxeybAuthor Commented:
BTW my remote subnet that I am coming in from is 192.168.36.X

1) ensure that your site to site VPNs have the same MTU size
2) there is no packet inspection on the traffic

routing for the two sites [subnets] are configured okay

ping and dns are allowed through the subnets

if you establish a VPN connection, ensure that your VPN connection is not set up for default gateway metric.

maxeybAuthor Commented:

I just want to make sure everyone is aware I am having NO issue with the site to site VPN; it works perfectly. The issue that I am having is with the GVC. I connect OK and am able to ping the Sonicwall, the old subnet 192.168.168.X and the subnet on the far side of the site to site VPN with no issue, but once I try to ping my servers it is a coin toss. One time I will be able to get to the DC and not the Web server. The next time I won't be able to get to the DC but I can connect to the Web server. Some servers I can ping with no problem and RDP to, and others I ping once and then it times out.

Now I think I have narrowed it down to either a switch issue or the old subnet (I am running 2 different internal subnets, which might be causing the problem). This weekend I disconnected the old subnet from the switch, remoted in, and everything worked great. I think that is my main issue, but I also have a managed switch that is dying and will have a replacement tomorrow.

BTW, as an answer to your other question: the MTU is the same size and packet inspection is not turned on.

Thanks for the reply I will update this ticket once I have the new switch installed.

maxeybAuthor Commented:
OK, so I know what the problem was with how it was configured. It seems having 2 different subnets on the same Sonicwall interfered with each other, not allowing access to the 10.10.10.X subnet. I still don't know how to fix THIS issue, so what I did was move everything I had on the old subnet of 192.168.168.x and remove the interface from the Sonicwall. Once I did that I had no issues with the new subnet of 10.10.10.X.
maxeybAuthor Commented:
I never had too much input into this question, and in the end I had to move everything to one subnet to make it work.
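Before consolidating subnets, one cheap check on a topology like the one in this thread is to list every address range in play and see which ones overlap; the poster already notes that the GVC client pool handed out by the DC falls in the same 10.10.10.X range as the X0 LAN. This is an added example, not code from the thread; the /24 masks are an assumption read from the "X" notation, and the range labels are constructed.

```python
from ipaddress import ip_network
from itertools import combinations

# Address ranges as described in the thread. Constructed labels; the /24
# masks are an assumption, since the poster only writes the last octet as X.
RANGES = {
    "X0 LAN (new)": "10.10.10.0/24",
    "X2 LAN (old)": "192.168.168.0/24",
    "site-to-site remote": "192.168.10.0/24",
    "GVC client origin": "192.168.36.0/24",
    "GVC client pool (DHCP from DC)": "10.10.10.0/24",
}


def find_overlaps(ranges):
    """Return the sorted (name_a, name_b) pairs whose prefixes share addresses.

    Every pair is compared, so a remote-site prefix colliding with a local LAN,
    or a VPN client pool landing inside a LAN prefix, both show up here.
    """
    nets = {name: ip_network(cidr, strict=False) for name, cidr in ranges.items()}
    return [
        (a, b)
        for (a, na), (b, nb) in combinations(sorted(nets.items()), 2)
        if na.overlaps(nb)
    ]


def describe(ranges):
    """One human-readable line per overlapping pair, naming the containment."""
    nets = {name: ip_network(cidr, strict=False) for name, cidr in ranges.items()}
    lines = []
    for a, b in find_overlaps(ranges):
        na, nb = nets[a], nets[b]
        if na == nb:
            rel = "is identical to"
        elif na.subnet_of(nb):
            rel = "lies inside"
        elif nb.subnet_of(na):
            rel = "contains"
        else:
            rel = "partially overlaps"
        lines.append(f"{a} ({na}) {rel} {b} ({nb})")
    return lines


if __name__ == "__main__":
    for line in describe(RANGES) or ["no overlapping prefixes"]:
        print(line)
```

Run against the thread's ranges it reports only the GVC pool coinciding with the X0 LAN; the two LAN subnets, the remote site and the client's home network are all disjoint.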
