Solved

VPN via SonicWall has stopped working

Posted on 2013-01-14
8
398 Views
Last Modified: 2013-02-03
Working with a SonicWall TZ170 and four machines configured to accept remote desktop connections through the SonicWall TZ 170.  All four VPN connections have worked fine for several months. The machines are three XP workstations and (1) Windows 2008 server R2.

Last week the connections stopped working. So far we have the following:

All remote users can successfully connect to the Sonicwall.
If they attempt to use RDP to connect to their machine the connection fails with the usual MS rdp error about cannot connect, check the machine has remote access enabled etc etc.

Within the premises, rdp to each of the machines works.  It is only when the RDP connection is attempted through the firewall that it fails.

In the process of troubleshooting I have:
Turned off Windows firewall
Turned off Vipre Anti-virus business (which does not have a firewall)
No change.

I can ping each machine from a remote machine... but have some odd behavior...

When I ping, I get (1) reply... then the next (3) time out.  Any subsequent ping attempts receive (4) time outs.

If I ping another address, I get the identical behavior... one reply then time out and subsequent attempts get (4) time outs.

The "Terminal Services" services (named Remote Desktop on the server)  on all four machines are running.

Baffled.  Suggestions welcome.
0
Comment
Question by:Tomster2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
8 Comments
 
LVL 2

Expert Comment

by:cchighman
ID: 38776230
Sounds like a NATing issue on the router itself.  Can you verify the current running config is accurate ?  This is assuming the gateway is set to the router without sing any routing and remote services from the win 2008 box.
0
 
LVL 16

Expert Comment

by:choward16980
ID: 38776263
http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_24237489.html
This guy says nuke the router, download newest firmware then reconfigure tunnels and rules.  Should work....  Yikes.


You may try setting up RDP gateway server for terminal services (uses port 443 instead of 3389).  I use it and it has eliminated the brute force attacks my public servers used to see.
0
 
LVL 2

Expert Comment

by:cchighman
ID: 38776284
Don't nuke it yet.  Post config.
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 2

Expert Comment

by:cchighman
ID: 38776296
If you're having those type of ping issues, sounds like a routing issue.  It's very likely no public ports will route if 3389 won't unless you have customized ACLs for it.  Post config and also post the ip, mask, and gateway from one of the clients.
0
 
LVL 2

Expert Comment

by:cchighman
ID: 38776383
I just reread your post.  These remote VPN connections that cannot access RDP and fail after ping strongly points to an ACL or routing rule.  It's probably a really quick fix.
0
 

Accepted Solution

by:
Tomster2 earned 0 total points
ID: 38776396
The ping issued finally turned a light bulb on.

If the ping was not consistent then any communication could be suspect... so even though no one was experiencing issues with any other programs or server communication we decided to look at what manages the communication between the SonicWall, the server and the workstations.... the switch.

We rebooted the switch and everything is happy again.  We like happy!

Thanks for the additional suggestions... some of them I had thought of - but REALLY wanted to avoid going there if possible. In this case procrastination paid off.
0
 
LVL 2

Expert Comment

by:cchighman
ID: 38776408
Congratulations :)  Does your switch allow to see CRC errors or IO errors? It should also be noticeable from interface stats.  You may want to look at the switchover buffers to see if any packets are getting dropped or CPU usage.  All in all, rebooting premise equipment usually does miracles but only when the device is either really old or in an environment out of spec for its resources.
0
 

Author Closing Comment

by:Tomster2
ID: 38848312
I came up with the solution that solved the problem and it was significantly different that the other options suggested.
0

Featured Post

Retailers - Is your network secure?

With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question