Solved

Barracuda SSLVPN Cannot see one server

Posted on 2014-02-14
Last Modified: 2014-03-04
When connecting via a Barracuda SSLVPN to a private network we can see all the servers except one.  Does not matter if it is a Windows or Mac workstation.

The server is up and available locally on the network.  The network is a flat network.

Anyone out there with some Barracuda SSLVPN expertise point me in a direction to solve this issue?
Question by:ParadiseITS
11 Comments
 
LVL 6

Expert Comment

by:aschaef217
ID: 39859759
When you say flat network, do you mean that the servers and SSL VPN clients all have an IP address in the same subnet?  Can you check the IP address settings on that server and make sure that there is a default gateway set that matches all of the other servers?  Last thing, just verify that the Windows firewall is turned off.

If you can get to everything except for a single server, I would say that it isn't your SSL VPN that is the issue, but rather a setting on the server itself.
0
 
LVL 9

Author Comment

by:ParadiseITS
ID: 39865752
Thank you for the reply.  I have checked the gateway and that is set properly.  All the IP settings seem appropriate but I've identified a new wrinkle that maybe will help...

The server (OS X 10.6.8) has 4 NICs that are bonded into one logical NIC.  I noticed these errors in the System Log that may or may not help...

Feb 17 14:58:29 Staffserver /usr/sbin/serveradmin[17144]: servermgr_dhcp:bootp config:Error:Subnets '169.254 Ethernet 2' and '169.254 Ethernet 1' have overlapping ranges: '169.254.0.2-169.254.255.253' overlaps '169.254.0.2-169.254.255.253' - '169.254 Ethernet 1' is not active
Feb 17 14:58:29 Staffserver /usr/sbin/serveradmin[17144]: servermgr_dhcp:bootp config:Error:Subnets '169.254 Ethernet 2' and '169.254 PCI Ethernet Slot 1, Port 2' have overlapping ranges: '169.254.0.2-169.254.255.253' overlaps '169.254.0.2-169.254.255.253' - '169.254 PCI Ethernet Slot 1, Port 2' is not active

Trouble is... when I look at the NICs in System Preferences they say no problems.  And additionally, the users claim it works "sometimes".
0
 
LVL 6

Expert Comment

by:aschaef217
ID: 39865763
In OS X, are all 4 of the Ethernet adapters set to DHCP?  It looks like to set up the bond correctly, all 4 physical adapters need to be set to DHCP, then you need to create a new virtual interface using the 4 NICs and assign your IP address to that virtual interface.  Lastly you want to set the service order and make sure that the virtual interface is above all of the physical NICs in the list.
0
 
LVL 6

Expert Comment

by:aschaef217
ID: 39865771
My other question would be, how are these 4 ports aggregated on the switch side?
0
 
LVL 9

Author Comment

by:ParadiseITS
ID: 39865795
The ports are all set to DHCP -- however they all have the same IP address -- which seems suspect.  The virtual bonded NIC has a good (static) IP address.

I'm not sure about the switch side, I'll have to check.
0
 
LVL 6

Expert Comment

by:aschaef217
ID: 39865972
According to the OS X configuration guides, all of the physical ports need to be set to DHCP.  The address they have is an automatic private IP address, which is correct.  They should not have a valid IP address on any of the physical NICs, just the virtual interface. Can you verify that the virtual NIC has a gateway defined under the IP address settings?  Did you also confirm that the virtual bonded NIC interface is listed above the 4 physical NICs in the service order list:

To change the priority of a network port configuration:

Choose Apple menu > System Preferences and click Network.

Choose Set Service Order from the Action pop-up menu (looks like a gear).

Drag a service, such as Ethernet, to the top of the list.

Click OK, and then click Apply to make the new settings active.
0
 
LVL 9

Author Comment

by:ParadiseITS
ID: 39870423
Here is a copy of the config file from the 3COM Baseline 2948 switch.

I don't see anything amiss here -- and the log files do not show any issues with traffic passing through the ports in question (45-48).

Any thoughts?  I am checking the service load order, although this server hasn't actually restarted for over a year.
3comranger48.txt
0
 
LVL 9

Author Comment

by:ParadiseITS
ID: 39870452
So - just to confirm - in the Service Order List, my bonded adapter (4GB Mega Link) should be first in the list?  

Here is the list as it stands right now:
Built in Serial Port (1)
FireWire
Ethernet 1
Ethernet 2
PCI Ethernet Slot 1, Port 1
PCI Ethernet Slot 1, Port 2
4GB Mega Link

If I understood your post properly, it should actually read:
4GB Mega Link
Built in Serial Port (1)
FireWire
Ethernet 1
Ethernet 2
PCI Ethernet Slot 1, Port 1
PCI Ethernet Slot 1, Port 2
0
 
LVL 6

Expert Comment

by:aschaef217
ID: 39870492
Yes, on the service order list you should have the 4GB Mega Link listed above all of the Ethernet adapters which are bonded. I will look over the switch config shortly.
0
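The service-order check discussed in the posts above, as an added example that is not part of the original thread: it parses a listing in the format printed by `networksetup -listnetworkserviceorder` and reports any bond member that ranks above the bond. The sample listing is constructed from the service names quoted in the thread; its hardware-port lines and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample in the format of `networksetup -listnetworkserviceorder`,
# using the service names from the thread; hardware-port lines are made up.
SAMPLE_CURRENT='(1) Built in Serial Port (1)
(Hardware Port: Serial, Device: serial1)
(2) FireWire
(Hardware Port: FireWire, Device: fw0)
(3) Ethernet 1
(Hardware Port: Ethernet 1, Device: en0)
(4) Ethernet 2
(Hardware Port: Ethernet 2, Device: en1)
(5) PCI Ethernet Slot 1, Port 1
(Hardware Port: PCI Ethernet Slot 1, Port 1, Device: en2)
(6) PCI Ethernet Slot 1, Port 2
(Hardware Port: PCI Ethernet Slot 1, Port 2, Device: en3)
(7) 4GB Mega Link
(Hardware Port: 4GB Mega Link, Device: bond0)'

# service_rank NAME: read a listing on stdin, print NAME's position (1 = top).
# Prints nothing if NAME is absent or disabled (disabled services have no number).
service_rank() {
    awk -v want="$1" '
        /^\([0-9]+\) / {
            rank = $1; gsub(/[()]/, "", rank)
            name = $0; sub(/^\([0-9]+\) /, "", name)
            if (name == want) { print rank; exit }
        }'
}

# bond_is_first LISTING BOND MEMBER...
# Returns 0 if BOND ranks above every MEMBER, 1 if not (printing each member
# that outranks it), 2 if BOND is not in the listing.
bond_is_first() {
    listing=$1; bond=$2; shift 2
    bond_rank=$(printf '%s\n' "$listing" | service_rank "$bond")
    [ -n "$bond_rank" ] || { echo "service not found: $bond"; return 2; }
    result=0
    for member in "$@"; do
        r=$(printf '%s\n' "$listing" | service_rank "$member")
        if [ -n "$r" ] && [ "$r" -lt "$bond_rank" ]; then
            echo "above bond: $member"; result=1
        fi
    done
    return $result
}
```

On the server itself, pass `"$(networksetup -listnetworkserviceorder)"` as the first argument in place of the sample.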
 
LVL 9

Accepted Solution

by:
ParadiseITS earned 0 total points
ID: 39893546
Issue not resolved.
0
 
LVL 9

Author Closing Comment

by:ParadiseITS
ID: 39902790
Issue not resolved.
0
