Solved

VPN via SonicWall has stopped working

Posted on 2013-01-14
8
391 Views
Last Modified: 2013-02-03
Working with a SonicWall TZ170 and four machines configured to accept remote desktop connections through the SonicWall TZ 170.  All four VPN connections have worked fine for several months. The machines are three XP workstations and (1) Windows 2008 server R2.

Last week the connections stopped working. So far we have the following:

All remote users can successfully connect to the Sonicwall.
If they attempt to use RDP to connect to their machine the connection fails with the usual MS rdp error about cannot connect, check the machine has remote access enabled etc etc.

Within the premises, rdp to each of the machines works.  It is only when the RDP connection is attempted through the firewall that it fails.

In the process of troubleshooting I have:
Turned off Windows firewall
Turned off Vipre Anti-virus business (which does not have a firewall)
No change.

I can ping each machine from a remote machine... but have some odd behavior...

When I ping, I get (1) reply... then the next (3) time out.  Any subsequent ping attempts receive (4) time outs.

If I ping another address, I get the identical behavior... one reply then time out and subsequent attempts get (4) time outs.

The "Terminal Services" services (named Remote Desktop on the server)  on all four machines are running.

Baffled.  Suggestions welcome.
0
Comment
Question by:Tomster2
  • 5
  • 2
8 Comments
 
LVL 2

Expert Comment

by:cchighman
Comment Utility
Sounds like a NATing issue on the router itself.  Can you verify the current running config is accurate ?  This is assuming the gateway is set to the router without sing any routing and remote services from the win 2008 box.
0
 
LVL 16

Expert Comment

by:choward16980
Comment Utility
http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_24237489.html
This guy says nuke the router, download newest firmware then reconfigure tunnels and rules.  Should work....  Yikes.


You may try setting up RDP gateway server for terminal services (uses port 443 instead of 3389).  I use it and it has eliminated the brute force attacks my public servers used to see.
0
 
LVL 2

Expert Comment

by:cchighman
Comment Utility
Don't nuke it yet.  Post config.
0
 
LVL 2

Expert Comment

by:cchighman
Comment Utility
If you're having those type of ping issues, sounds like a routing issue.  It's very likely no public ports will route if 3389 won't unless you have customized ACLs for it.  Post config and also post the ip, mask, and gateway from one of the clients.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 2

Expert Comment

by:cchighman
Comment Utility
I just reread your post.  These remote VPN connections that cannot access RDP and fail after ping strongly points to an ACL or routing rule.  It's probably a really quick fix.
0
 

Accepted Solution

by:
Tomster2 earned 0 total points
Comment Utility
The ping issued finally turned a light bulb on.

If the ping was not consistent then any communication could be suspect... so even though no one was experiencing issues with any other programs or server communication we decided to look at what manages the communication between the SonicWall, the server and the workstations.... the switch.

We rebooted the switch and everything is happy again.  We like happy!

Thanks for the additional suggestions... some of them I had thought of - but REALLY wanted to avoid going there if possible. In this case procrastination paid off.
0
 
LVL 2

Expert Comment

by:cchighman
Comment Utility
Congratulations :)  Does your switch allow to see CRC errors or IO errors? It should also be noticeable from interface stats.  You may want to look at the switchover buffers to see if any packets are getting dropped or CPU usage.  All in all, rebooting premise equipment usually does miracles but only when the device is either really old or in an environment out of spec for its resources.
0
 

Author Closing Comment

by:Tomster2
Comment Utility
I came up with the solution that solved the problem and it was significantly different that the other options suggested.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

I was at a customer and we recently set up a new DNS Server.  I asked him to ensure that all servers pointed to the new server.  140 remote servers – estimated 6 days of work to do this manually. Ever had this experience and just need to get the …
Transparency shows that a company is the kind of business that it wants people to think it is.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now