Solved

Can't ping resources after establishing a PPTP VPN

Posted on 2013-12-09
13
872 Views
Last Modified: 2013-12-10
After I establish a PPTP VPN connection to my server, I can't ping anything.  My network consist of Verizon Fios router, SonicWALL TZ 100 (sits behind Fios router), SBS 2008, Windows 7 and Windows XP.  Any help will be appreciated.  Thanks.
0
Comment
Question by:Infotech2008
  • 6
  • 3
  • 2
  • +1
13 Comments
 
LVL 7

Expert Comment

by:scraby
ID: 39707263
are you establishing vpn to the tz100 or the sbs box?
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39707293
Hi Infotech2008,

Setup the proper configuration on the SonicWALL to allow PPTP to pass through by the Public Server Wizard located at the top right hand side once you login to the SonicWALL.

Basically it will auto create all the necessary fields:
Address Objects
NAT Policies
Access Rules
0
 
LVL 7

Expert Comment

by:scraby
ID: 39707297
sorry, missed yur first sentence where you connect to server......diverseit is correct, you need to allow pptp pass through the tz100 and the wizard is the easiest way
0
 

Author Comment

by:Infotech2008
ID: 39707460
I am establishing VPN connection to the SBS box.  Thanks.
0
 

Author Comment

by:Infotech2008
ID: 39707464
Before Verizon fios, we were using Cox Business Internet and VPN was working like a charm.  When we switched, the VPN stopped working.  Nothing changed on the SonicWALL.  On the Verizon Fios router sitting in front of my SonicWALL, is setup to port forward to 1723 and GRE to SonicWALL and SonicWALL to server IP address.  I am successfully able to connect but I am not able to ping.
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39707863
There is a difference in the gear the ISP supplied though. COX typically supplies a modem or a Ethernet-ready cable, FIOS you say is providing a router. In the COX setup port forwarding would occur on the SonicWALL as it should but now with a router you shouldn't need to port forward on the router but rather route the external IPs to the SonicWALL so that it can handle port forwarding. If you can setup the router into bridge mode if possible. I'd call FIOS support to see if it can be done on your specific router.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 77

Expert Comment

by:Rob Williams
ID: 39708407
Did you create the VPN using RRAS or the SBS wizard under SBS console | neetwok | connectivity?
If used RRAS you should right click on the server in the RRAS console, choose disable, then run the SBS wizard.  The wizard configures the VPN, Firewall, routing, and NPS.
0
 

Author Comment

by:Infotech2008
ID: 39708926
0
 

Author Comment

by:Infotech2008
ID: 39708939
Did disable and used the wizard in RRAS.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39709735
You have two NAT devices; Verizon router and Sonicwall.  PPTP does not like dual NAT.  In the past I have only seen this fixed by putting the Verizon router in Bridge mode.  This eliminates its NAT feature and assignes the public IP to the Sonicwall.  On it port 1723 needs to be forwearded to the server and GRE passthrough enabled on the Sonicwall.

Does your Sonicwall have licensing for an IPSec VPN?  That would be more secure and perform slightly better than the Windows PPTP VPN.
0
 

Author Comment

by:Infotech2008
ID: 39709770
According to Verizon tech support, it cannot be set to bridge mode.  No, it does not have IPSec VPN license.  Does IPSec VPN works with dual NAT?  So, you are telling me that PPTP will not work with my current configuration.  Correct?  I am not surprised, I searched online and didn't come across a fix.  My client made up his mind to switch back to Cox Internet.  The modem was set to bridge mode.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 39709806
I have never seen it work with two NAT routers.  You can get it to connect by forwarding port 1723 from the vrizon to the Sonciwall and then forward 1723 from the Sonicwall to the server, but GRE doen't work over the dual NAT so communication fails.

The only other solution I have seen, but not tried, is to put the Sonicwall in the DMZ of the first router, in your case the Verizon.  All trafic is forwarded to the DMZ and then you configure as you would normally on the Sonicwall.

If you were to configire the IPSec VPN on the Sonicwall it's not diual NAT because there is only one router between the the VPN server, the Sonicwall, and the Interernet.  It still has to support NAT-T (NAT-Traversal) but almost all IPSec VPN's do these days.

I always have to ask:  Do you really need a VPN?
SBS allows access to the server in so many ways to access so many services a VPN is seldom needed.  SBS supports RWW/RWA, Sharepoint, Shared foldders, Webmail, and rpc/http.
VPNs have a major security flaw, a wide open tunnel between the corporate network and a remote unmanaged computer and network.
0
 

Author Comment

by:Infotech2008
ID: 39709820
My client feels comfortable with VPN config.  RWW is setup and good to go as an alternative.  He is old school.  I appreciate your help.  Thanks.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Microsoft  Partnership 1 68
Aero theme is getting disabled. 3 38
please tell me windows 1-10 7 61
smartboard connectivity and software 6 36
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
While working, an annoying popup showing below will come and we cannot cancel or close it form the screen. The error message will come again and again.
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now