Solved

Can't ping resources after establishing a PPTP VPN

Posted on 2013-12-09
13
881 Views
Last Modified: 2013-12-10
After I establish a PPTP VPN connection to my server, I can't ping anything.  My network consists of Verizon Fios router, SonicWALL TZ 100 (sits behind Fios router), SBS 2008, Windows 7 and Windows XP.  Any help will be appreciated.  Thanks.
0
Comment
Question by:Infotech2008
13 Comments
 
LVL 7

Expert Comment

by:scraby
ID: 39707263
are you establishing vpn to the tz100 or the sbs box?
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39707293
Hi Infotech2008,

Set up the proper configuration on the SonicWALL to allow PPTP to pass through by using the Public Server Wizard, located at the top right-hand side once you log in to the SonicWALL.

Basically it will auto create all the necessary fields:
Address Objects
NAT Policies
Access Rules
0
 
LVL 7

Expert Comment

by:scraby
ID: 39707297
sorry, missed your first sentence where you connect to server... diverseit is correct, you need to allow pptp pass through the tz100 and the wizard is the easiest way
0
 

Author Comment

by:Infotech2008
ID: 39707460
I am establishing VPN connection to the SBS box.  Thanks.
0
 

Author Comment

by:Infotech2008
ID: 39707464
Before Verizon Fios, we were using Cox Business Internet and VPN was working like a charm.  When we switched, the VPN stopped working.  Nothing changed on the SonicWALL.  The Verizon Fios router sitting in front of my SonicWALL is set up to port forward 1723 and GRE to the SonicWALL, and the SonicWALL to the server IP address.  I am successfully able to connect but I am not able to ping.
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39707863
There is a difference in the gear the ISP supplied though. COX typically supplies a modem or an Ethernet-ready cable; FIOS, you say, is providing a router. In the COX setup port forwarding would occur on the SonicWALL as it should, but now with a router you shouldn't need to port forward on the router but rather route the external IPs to the SonicWALL so that it can handle port forwarding. If possible, set up the router in bridge mode. I'd call FIOS support to see if it can be done on your specific router.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39708407
Did you create the VPN using RRAS or the SBS wizard under SBS console | network | connectivity?
If you used RRAS you should right click on the server in the RRAS console, choose disable, then run the SBS wizard.  The wizard configures the VPN, Firewall, routing, and NPS.
0
 

Author Comment

by:Infotech2008
ID: 39708926
0
 

Author Comment

by:Infotech2008
ID: 39708939
Did disable and used the wizard in RRAS.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39709735
You have two NAT devices: Verizon router and Sonicwall.  PPTP does not like dual NAT.  In the past I have only seen this fixed by putting the Verizon router in Bridge mode.  This eliminates its NAT feature and assigns the public IP to the Sonicwall.  On it port 1723 needs to be forwarded to the server and GRE passthrough enabled on the Sonicwall.

Does your Sonicwall have licensing for an IPSec VPN?  That would be more secure and perform slightly better than the Windows PPTP VPN.
0
 

Author Comment

by:Infotech2008
ID: 39709770
According to Verizon tech support, it cannot be set to bridge mode.  No, it does not have IPSec VPN license.  Does IPSec VPN work with dual NAT?  So, you are telling me that PPTP will not work with my current configuration.  Correct?  I am not surprised, I searched online and didn't come across a fix.  My client made up his mind to switch back to Cox Internet.  The modem was set to bridge mode.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 39709806
I have never seen it work with two NAT routers.  You can get it to connect by forwarding port 1723 from the Verizon to the Sonicwall and then forward 1723 from the Sonicwall to the server, but GRE doesn't work over the dual NAT so communication fails.

The only other solution I have seen, but not tried, is to put the Sonicwall in the DMZ of the first router, in your case the Verizon.  All traffic is forwarded to the DMZ and then you configure as you would normally on the Sonicwall.

If you were to configure the IPSec VPN on the Sonicwall it's not dual NAT because there is only one router between the VPN server, the Sonicwall, and the Internet.  It still has to support NAT-T (NAT-Traversal) but almost all IPSec VPNs do these days.

I always have to ask:  Do you really need a VPN?
SBS allows access to the server in so many ways to access so many services a VPN is seldom needed.  SBS supports RWW/RWA, Sharepoint, Shared folders, Webmail, and rpc/http.
VPNs have a major security flaw, a wide open tunnel between the corporate network and a remote unmanaged computer and network.
0
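An added example, not part of the thread: PPTP's control channel is TCP 1723 while the tunnel data travels as GRE (IP protocol 47), which has no port number for a port-forward rule to match, so a capture taken on the VPN server can show whether control traffic arrives while GRE is missing or one-way. The addresses, sample packets and function names are constructed for illustration; the script parses raw IPv4 packets with the Python standard library only.

```python
import struct
from ipaddress import ip_address

PPTP_PORT = 1723          # PPTP control channel, TCP (RFC 2637)
PROTO_TCP, PROTO_GRE = 6, 47
GRE_PPP = 0x880B          # protocol type used by PPTP's enhanced GRE

def classify(pkt):
    """Return (kind, src, dst) for a raw IPv4 packet; kind is 'control', 'gre' or None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None, None, None
    body = pkt[(pkt[0] & 0x0F) * 4:]          # skip the IPv4 header (IHL is in 32-bit words)
    src, dst = str(ip_address(pkt[12:16])), str(ip_address(pkt[16:20]))
    kind = None
    if pkt[9] == PROTO_TCP and len(body) >= 4:
        if PPTP_PORT in struct.unpack("!HH", body[:4]):   # source or destination port
            kind = "control"
    elif pkt[9] == PROTO_GRE and len(body) >= 4:
        flags, ptype = struct.unpack("!HH", body[:4])
        if (flags & 0x7) == 1 and ptype == GRE_PPP:       # GRE version 1 carrying PPP
            kind = "gre"
    return kind, src, dst

def diagnose(packets, server_ip):
    """Summarise a capture taken on the VPN server's network interface."""
    control = gre_in = gre_out = 0
    for pkt in packets:
        kind, src, dst = classify(pkt)
        control += kind == "control"
        gre_in += kind == "gre" and dst == server_ip
        gre_out += kind == "gre" and src == server_ip
    if not control:
        return "no-control"      # TCP 1723 is not reaching the server
    if gre_in and gre_out:
        return "gre-both-ways"   # tunnel data passes; look at routing or firewall rules
    if gre_in or gre_out:
        return "gre-one-way"     # protocol 47 is lost in one direction
    return "gre-missing"         # control channel only, no tunnel data seen

def ipv4(src, dst, proto, payload):
    """Build a constructed sample packet (header checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ip_address(src).packed, ip_address(dst).packed) + payload

# Constructed capture: addresses are placeholders, not values from the thread.
SERVER, CLIENT = "10.0.0.2", "198.51.100.7"
SAMPLE = [
    ipv4(CLIENT, SERVER, PROTO_TCP, struct.pack("!HH", 50000, PPTP_PORT) + bytes(16)),
    ipv4(SERVER, CLIENT, PROTO_TCP, struct.pack("!HH", PPTP_PORT, 50000) + bytes(16)),
    ipv4(SERVER, CLIENT, PROTO_GRE, struct.pack("!HHHHI", 0x3001, GRE_PPP, 0, 1, 0)),
]
```

`diagnose(SAMPLE, SERVER)` reports `gre-one-way` for this constructed capture, where the server sends GRE but none arrives from the client.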
 

Author Comment

by:Infotech2008
ID: 39709820
My client feels comfortable with VPN config.  RWW is setup and good to go as an alternative.  He is old school.  I appreciate your help.  Thanks.
0
