Solved

Can't ping resources after establishing a PPTP VPN

Posted on 2013-12-09
13
869 Views
Last Modified: 2013-12-10
After I establish a PPTP VPN connection to my server, I can't ping anything.  My network consist of Verizon Fios router, SonicWALL TZ 100 (sits behind Fios router), SBS 2008, Windows 7 and Windows XP.  Any help will be appreciated.  Thanks.
0
Comment
Question by:Infotech2008
  • 6
  • 3
  • 2
  • +1
13 Comments
 
LVL 7

Expert Comment

by:scraby
Comment Utility
are you establishing vpn to the tz100 or the sbs box?
0
 
LVL 24

Expert Comment

by:diverseit
Comment Utility
Hi Infotech2008,

Setup the proper configuration on the SonicWALL to allow PPTP to pass through by the Public Server Wizard located at the top right hand side once you login to the SonicWALL.

Basically it will auto create all the necessary fields:
Address Objects
NAT Policies
Access Rules
0
 
LVL 7

Expert Comment

by:scraby
Comment Utility
sorry, missed yur first sentence where you connect to server......diverseit is correct, you need to allow pptp pass through the tz100 and the wizard is the easiest way
0
 

Author Comment

by:Infotech2008
Comment Utility
I am establishing VPN connection to the SBS box.  Thanks.
0
 

Author Comment

by:Infotech2008
Comment Utility
Before Verizon fios, we were using Cox Business Internet and VPN was working like a charm.  When we switched, the VPN stopped working.  Nothing changed on the SonicWALL.  On the Verizon Fios router sitting in front of my SonicWALL, is setup to port forward to 1723 and GRE to SonicWALL and SonicWALL to server IP address.  I am successfully able to connect but I am not able to ping.
0
 
LVL 24

Expert Comment

by:diverseit
Comment Utility
There is a difference in the gear the ISP supplied though. COX typically supplies a modem or a Ethernet-ready cable, FIOS you say is providing a router. In the COX setup port forwarding would occur on the SonicWALL as it should but now with a router you shouldn't need to port forward on the router but rather route the external IPs to the SonicWALL so that it can handle port forwarding. If you can setup the router into bridge mode if possible. I'd call FIOS support to see if it can be done on your specific router.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Did you create the VPN using RRAS or the SBS wizard under SBS console | neetwok | connectivity?
If used RRAS you should right click on the server in the RRAS console, choose disable, then run the SBS wizard.  The wizard configures the VPN, Firewall, routing, and NPS.
0
 

Author Comment

by:Infotech2008
Comment Utility
0
 

Author Comment

by:Infotech2008
Comment Utility
Did disable and used the wizard in RRAS.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
You have two NAT devices; Verizon router and Sonicwall.  PPTP does not like dual NAT.  In the past I have only seen this fixed by putting the Verizon router in Bridge mode.  This eliminates its NAT feature and assignes the public IP to the Sonicwall.  On it port 1723 needs to be forwearded to the server and GRE passthrough enabled on the Sonicwall.

Does your Sonicwall have licensing for an IPSec VPN?  That would be more secure and perform slightly better than the Windows PPTP VPN.
0
 

Author Comment

by:Infotech2008
Comment Utility
According to Verizon tech support, it cannot be set to bridge mode.  No, it does not have IPSec VPN license.  Does IPSec VPN works with dual NAT?  So, you are telling me that PPTP will not work with my current configuration.  Correct?  I am not surprised, I searched online and didn't come across a fix.  My client made up his mind to switch back to Cox Internet.  The modem was set to bridge mode.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
Comment Utility
I have never seen it work with two NAT routers.  You can get it to connect by forwarding port 1723 from the vrizon to the Sonciwall and then forward 1723 from the Sonicwall to the server, but GRE doen't work over the dual NAT so communication fails.

The only other solution I have seen, but not tried, is to put the Sonicwall in the DMZ of the first router, in your case the Verizon.  All trafic is forwarded to the DMZ and then you configure as you would normally on the Sonicwall.

If you were to configire the IPSec VPN on the Sonicwall it's not diual NAT because there is only one router between the the VPN server, the Sonicwall, and the Interernet.  It still has to support NAT-T (NAT-Traversal) but almost all IPSec VPN's do these days.

I always have to ask:  Do you really need a VPN?
SBS allows access to the server in so many ways to access so many services a VPN is seldom needed.  SBS supports RWW/RWA, Sharepoint, Shared foldders, Webmail, and rpc/http.
VPNs have a major security flaw, a wide open tunnel between the corporate network and a remote unmanaged computer and network.
0
 

Author Comment

by:Infotech2008
Comment Utility
My client feels comfortable with VPN config.  RWW is setup and good to go as an alternative.  He is old school.  I appreciate your help.  Thanks.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Let’s list some of the technologies that enable smooth teleworking. 
OfficeMate Freezes on login or does not load after login credentials are input.
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now