Solved

VPN via SonicWall has stopped working

Posted on 2013-01-14
8
392 Views
Last Modified: 2013-02-03
Working with a SonicWall TZ170 and four machines configured to accept remote desktop connections through the SonicWall TZ 170.  All four VPN connections have worked fine for several months. The machines are three XP workstations and (1) Windows 2008 server R2.

Last week the connections stopped working. So far we have the following:

All remote users can successfully connect to the Sonicwall.
If they attempt to use RDP to connect to their machine the connection fails with the usual MS rdp error about cannot connect, check the machine has remote access enabled etc etc.

Within the premises, rdp to each of the machines works.  It is only when the RDP connection is attempted through the firewall that it fails.

In the process of troubleshooting I have:
Turned off Windows firewall
Turned off Vipre Anti-virus business (which does not have a firewall)
No change.

I can ping each machine from a remote machine... but have some odd behavior...

When I ping, I get (1) reply... then the next (3) time out.  Any subsequent ping attempts receive (4) time outs.

If I ping another address, I get the identical behavior... one reply then time out and subsequent attempts get (4) time outs.

The "Terminal Services" services (named Remote Desktop on the server)  on all four machines are running.

Baffled.  Suggestions welcome.
0
Comment
Question by:Tomster2
  • 5
  • 2
8 Comments
 
LVL 2

Expert Comment

by:cchighman
ID: 38776230
Sounds like a NATing issue on the router itself.  Can you verify the current running config is accurate ?  This is assuming the gateway is set to the router without sing any routing and remote services from the win 2008 box.
0
 
LVL 16

Expert Comment

by:choward16980
ID: 38776263
http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_24237489.html
This guy says nuke the router, download newest firmware then reconfigure tunnels and rules.  Should work....  Yikes.


You may try setting up RDP gateway server for terminal services (uses port 443 instead of 3389).  I use it and it has eliminated the brute force attacks my public servers used to see.
0
 
LVL 2

Expert Comment

by:cchighman
ID: 38776284
Don't nuke it yet.  Post config.
0
 
LVL 2

Expert Comment

by:cchighman
ID: 38776296
If you're having those type of ping issues, sounds like a routing issue.  It's very likely no public ports will route if 3389 won't unless you have customized ACLs for it.  Post config and also post the ip, mask, and gateway from one of the clients.
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 2

Expert Comment

by:cchighman
ID: 38776383
I just reread your post.  These remote VPN connections that cannot access RDP and fail after ping strongly points to an ACL or routing rule.  It's probably a really quick fix.
0
 

Accepted Solution

by:
Tomster2 earned 0 total points
ID: 38776396
The ping issued finally turned a light bulb on.

If the ping was not consistent then any communication could be suspect... so even though no one was experiencing issues with any other programs or server communication we decided to look at what manages the communication between the SonicWall, the server and the workstations.... the switch.

We rebooted the switch and everything is happy again.  We like happy!

Thanks for the additional suggestions... some of them I had thought of - but REALLY wanted to avoid going there if possible. In this case procrastination paid off.
0
 
LVL 2

Expert Comment

by:cchighman
ID: 38776408
Congratulations :)  Does your switch allow to see CRC errors or IO errors? It should also be noticeable from interface stats.  You may want to look at the switchover buffers to see if any packets are getting dropped or CPU usage.  All in all, rebooting premise equipment usually does miracles but only when the device is either really old or in an environment out of spec for its resources.
0
 

Author Closing Comment

by:Tomster2
ID: 38848312
I came up with the solution that solved the problem and it was significantly different that the other options suggested.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now