Solved

Can't ping resources after establishing a PPTP VPN

Posted on 2013-12-09
13
878 Views
Last Modified: 2013-12-10
After I establish a PPTP VPN connection to my server, I can't ping anything.  My network consist of Verizon Fios router, SonicWALL TZ 100 (sits behind Fios router), SBS 2008, Windows 7 and Windows XP.  Any help will be appreciated.  Thanks.
0
Comment
Question by:Infotech2008
  • 6
  • 3
  • 2
  • +1
13 Comments
 
LVL 7

Expert Comment

by:scraby
ID: 39707263
are you establishing vpn to the tz100 or the sbs box?
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39707293
Hi Infotech2008,

Setup the proper configuration on the SonicWALL to allow PPTP to pass through by the Public Server Wizard located at the top right hand side once you login to the SonicWALL.

Basically it will auto create all the necessary fields:
Address Objects
NAT Policies
Access Rules
0
 
LVL 7

Expert Comment

by:scraby
ID: 39707297
sorry, missed yur first sentence where you connect to server......diverseit is correct, you need to allow pptp pass through the tz100 and the wizard is the easiest way
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 

Author Comment

by:Infotech2008
ID: 39707460
I am establishing VPN connection to the SBS box.  Thanks.
0
 

Author Comment

by:Infotech2008
ID: 39707464
Before Verizon fios, we were using Cox Business Internet and VPN was working like a charm.  When we switched, the VPN stopped working.  Nothing changed on the SonicWALL.  On the Verizon Fios router sitting in front of my SonicWALL, is setup to port forward to 1723 and GRE to SonicWALL and SonicWALL to server IP address.  I am successfully able to connect but I am not able to ping.
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39707863
There is a difference in the gear the ISP supplied though. COX typically supplies a modem or a Ethernet-ready cable, FIOS you say is providing a router. In the COX setup port forwarding would occur on the SonicWALL as it should but now with a router you shouldn't need to port forward on the router but rather route the external IPs to the SonicWALL so that it can handle port forwarding. If you can setup the router into bridge mode if possible. I'd call FIOS support to see if it can be done on your specific router.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39708407
Did you create the VPN using RRAS or the SBS wizard under SBS console | neetwok | connectivity?
If used RRAS you should right click on the server in the RRAS console, choose disable, then run the SBS wizard.  The wizard configures the VPN, Firewall, routing, and NPS.
0
 

Author Comment

by:Infotech2008
ID: 39708926
0
 

Author Comment

by:Infotech2008
ID: 39708939
Did disable and used the wizard in RRAS.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39709735
You have two NAT devices; Verizon router and Sonicwall.  PPTP does not like dual NAT.  In the past I have only seen this fixed by putting the Verizon router in Bridge mode.  This eliminates its NAT feature and assignes the public IP to the Sonicwall.  On it port 1723 needs to be forwearded to the server and GRE passthrough enabled on the Sonicwall.

Does your Sonicwall have licensing for an IPSec VPN?  That would be more secure and perform slightly better than the Windows PPTP VPN.
0
 

Author Comment

by:Infotech2008
ID: 39709770
According to Verizon tech support, it cannot be set to bridge mode.  No, it does not have IPSec VPN license.  Does IPSec VPN works with dual NAT?  So, you are telling me that PPTP will not work with my current configuration.  Correct?  I am not surprised, I searched online and didn't come across a fix.  My client made up his mind to switch back to Cox Internet.  The modem was set to bridge mode.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 39709806
I have never seen it work with two NAT routers.  You can get it to connect by forwarding port 1723 from the vrizon to the Sonciwall and then forward 1723 from the Sonicwall to the server, but GRE doen't work over the dual NAT so communication fails.

The only other solution I have seen, but not tried, is to put the Sonicwall in the DMZ of the first router, in your case the Verizon.  All trafic is forwarded to the DMZ and then you configure as you would normally on the Sonicwall.

If you were to configire the IPSec VPN on the Sonicwall it's not diual NAT because there is only one router between the the VPN server, the Sonicwall, and the Interernet.  It still has to support NAT-T (NAT-Traversal) but almost all IPSec VPN's do these days.

I always have to ask:  Do you really need a VPN?
SBS allows access to the server in so many ways to access so many services a VPN is seldom needed.  SBS supports RWW/RWA, Sharepoint, Shared foldders, Webmail, and rpc/http.
VPNs have a major security flaw, a wide open tunnel between the corporate network and a remote unmanaged computer and network.
0
 

Author Comment

by:Infotech2008
ID: 39709820
My client feels comfortable with VPN config.  RWW is setup and good to go as an alternative.  He is old school.  I appreciate your help.  Thanks.
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question