• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 896
  • Last Modified:

Can't ping resources after establishing a PPTP VPN

After I establish a PPTP VPN connection to my server, I can't ping anything.  My network consist of Verizon Fios router, SonicWALL TZ 100 (sits behind Fios router), SBS 2008, Windows 7 and Windows XP.  Any help will be appreciated.  Thanks.
0
Infotech2008
Asked:
Infotech2008
  • 6
  • 3
  • 2
  • +1
1 Solution
 
scrabyCommented:
are you establishing vpn to the tz100 or the sbs box?
0
 
Blue Street TechLast KnightsCommented:
Hi Infotech2008,

Setup the proper configuration on the SonicWALL to allow PPTP to pass through by the Public Server Wizard located at the top right hand side once you login to the SonicWALL.

Basically it will auto create all the necessary fields:
Address Objects
NAT Policies
Access Rules
0
 
scrabyCommented:
sorry, missed yur first sentence where you connect to server......diverseit is correct, you need to allow pptp pass through the tz100 and the wizard is the easiest way
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
Infotech2008Author Commented:
I am establishing VPN connection to the SBS box.  Thanks.
0
 
Infotech2008Author Commented:
Before Verizon fios, we were using Cox Business Internet and VPN was working like a charm.  When we switched, the VPN stopped working.  Nothing changed on the SonicWALL.  On the Verizon Fios router sitting in front of my SonicWALL, is setup to port forward to 1723 and GRE to SonicWALL and SonicWALL to server IP address.  I am successfully able to connect but I am not able to ping.
0
 
Blue Street TechLast KnightsCommented:
There is a difference in the gear the ISP supplied though. COX typically supplies a modem or a Ethernet-ready cable, FIOS you say is providing a router. In the COX setup port forwarding would occur on the SonicWALL as it should but now with a router you shouldn't need to port forward on the router but rather route the external IPs to the SonicWALL so that it can handle port forwarding. If you can setup the router into bridge mode if possible. I'd call FIOS support to see if it can be done on your specific router.
0
 
Rob WilliamsCommented:
Did you create the VPN using RRAS or the SBS wizard under SBS console | neetwok | connectivity?
If used RRAS you should right click on the server in the RRAS console, choose disable, then run the SBS wizard.  The wizard configures the VPN, Firewall, routing, and NPS.
0
 
Infotech2008Author Commented:
0
 
Infotech2008Author Commented:
Did disable and used the wizard in RRAS.
0
 
Rob WilliamsCommented:
You have two NAT devices; Verizon router and Sonicwall.  PPTP does not like dual NAT.  In the past I have only seen this fixed by putting the Verizon router in Bridge mode.  This eliminates its NAT feature and assignes the public IP to the Sonicwall.  On it port 1723 needs to be forwearded to the server and GRE passthrough enabled on the Sonicwall.

Does your Sonicwall have licensing for an IPSec VPN?  That would be more secure and perform slightly better than the Windows PPTP VPN.
0
 
Infotech2008Author Commented:
According to Verizon tech support, it cannot be set to bridge mode.  No, it does not have IPSec VPN license.  Does IPSec VPN works with dual NAT?  So, you are telling me that PPTP will not work with my current configuration.  Correct?  I am not surprised, I searched online and didn't come across a fix.  My client made up his mind to switch back to Cox Internet.  The modem was set to bridge mode.
0
 
Rob WilliamsCommented:
I have never seen it work with two NAT routers.  You can get it to connect by forwarding port 1723 from the vrizon to the Sonciwall and then forward 1723 from the Sonicwall to the server, but GRE doen't work over the dual NAT so communication fails.

The only other solution I have seen, but not tried, is to put the Sonicwall in the DMZ of the first router, in your case the Verizon.  All trafic is forwarded to the DMZ and then you configure as you would normally on the Sonicwall.

If you were to configire the IPSec VPN on the Sonicwall it's not diual NAT because there is only one router between the the VPN server, the Sonicwall, and the Interernet.  It still has to support NAT-T (NAT-Traversal) but almost all IPSec VPN's do these days.

I always have to ask:  Do you really need a VPN?
SBS allows access to the server in so many ways to access so many services a VPN is seldom needed.  SBS supports RWW/RWA, Sharepoint, Shared foldders, Webmail, and rpc/http.
VPNs have a major security flaw, a wide open tunnel between the corporate network and a remote unmanaged computer and network.
0
 
Infotech2008Author Commented:
My client feels comfortable with VPN config.  RWW is setup and good to go as an alternative.  He is old school.  I appreciate your help.  Thanks.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 6
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now