Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 415
  • Last Modified:

VPN via SonicWall has stopped working

Working with a SonicWall TZ170 and four machines configured to accept remote desktop connections through the SonicWall TZ 170.  All four VPN connections have worked fine for several months. The machines are three XP workstations and (1) Windows 2008 server R2.

Last week the connections stopped working. So far we have the following:

All remote users can successfully connect to the Sonicwall.
If they attempt to use RDP to connect to their machine the connection fails with the usual MS rdp error about cannot connect, check the machine has remote access enabled etc etc.

Within the premises, rdp to each of the machines works.  It is only when the RDP connection is attempted through the firewall that it fails.

In the process of troubleshooting I have:
Turned off Windows firewall
Turned off Vipre Anti-virus business (which does not have a firewall)
No change.

I can ping each machine from a remote machine... but have some odd behavior...

When I ping, I get (1) reply... then the next (3) time out.  Any subsequent ping attempts receive (4) time outs.

If I ping another address, I get the identical behavior... one reply then time out and subsequent attempts get (4) time outs.

The "Terminal Services" services (named Remote Desktop on the server)  on all four machines are running.

Baffled.  Suggestions welcome.
0
Tomster2
Asked:
Tomster2
  • 5
  • 2
1 Solution
 
cchighmanCommented:
Sounds like a NATing issue on the router itself.  Can you verify the current running config is accurate ?  This is assuming the gateway is set to the router without sing any routing and remote services from the win 2008 box.
0
 
Chris HInfrastructure ManagerCommented:
http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_24237489.html
This guy says nuke the router, download newest firmware then reconfigure tunnels and rules.  Should work....  Yikes.


You may try setting up RDP gateway server for terminal services (uses port 443 instead of 3389).  I use it and it has eliminated the brute force attacks my public servers used to see.
0
 
cchighmanCommented:
Don't nuke it yet.  Post config.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
cchighmanCommented:
If you're having those type of ping issues, sounds like a routing issue.  It's very likely no public ports will route if 3389 won't unless you have customized ACLs for it.  Post config and also post the ip, mask, and gateway from one of the clients.
0
 
cchighmanCommented:
I just reread your post.  These remote VPN connections that cannot access RDP and fail after ping strongly points to an ACL or routing rule.  It's probably a really quick fix.
0
 
Tomster2Author Commented:
The ping issued finally turned a light bulb on.

If the ping was not consistent then any communication could be suspect... so even though no one was experiencing issues with any other programs or server communication we decided to look at what manages the communication between the SonicWall, the server and the workstations.... the switch.

We rebooted the switch and everything is happy again.  We like happy!

Thanks for the additional suggestions... some of them I had thought of - but REALLY wanted to avoid going there if possible. In this case procrastination paid off.
0
 
cchighmanCommented:
Congratulations :)  Does your switch allow to see CRC errors or IO errors? It should also be noticeable from interface stats.  You may want to look at the switchover buffers to see if any packets are getting dropped or CPU usage.  All in all, rebooting premise equipment usually does miracles but only when the device is either really old or in an environment out of spec for its resources.
0
 
Tomster2Author Commented:
I came up with the solution that solved the problem and it was significantly different that the other options suggested.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now