• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 199
  • Last Modified:

Barracuda SSLVPN Cannot see one server

When connecting via a Barracuda SSLVPN to a private network we can see all the servers except one.  Does not matter if it is a Windows or Mac workstation.

The server is up and available locally on the network.  The network is a flat network.

Anyone out there with some Barracuda SSLVPN expertise point me in a direction to solve this issue?
0
ParadiseITS
Asked:
ParadiseITS
  • 6
  • 5
1 Solution
 
aschaef217Commented:
When you say flat network, do you mean that the servers and SSL VPN clients all have an IP address in the same subnet?  Can you check the IP address settings on that server and make sure that there is a default gateway set that matches all of the other servers?  Last thing just to verify that the windows firewall is turned off.

If you can get to everything except for a single server, I would say that it isn't your SSL VPN that is the issue, but rather a setting on the server itself.
0
 
ParadiseITSAuthor Commented:
Thank you for the reply.  I have checked the gateway and that is set properly.  All the IP settings seem appropriate but I've identified a new wrinkle that maybe will help...

The server (OS X 10.6.8) has 4 NICs that are bonded into one logical NIC.  I noticed these errors in the System Log that may or may not help...

Feb 17 14:58:29 Staffserver /usr/sbin/serveradmin[17144]: servermgr_dhcp:bootp config:Error:Subnets '169.254 Ethernet 2' and '169.254 Ethernet 1' have overlapping ranges: '169.254.0.2-169.254.255.253' overlaps '169.254.0.2-169.254.255.253' - '169.254 Ethernet 1' is not active
Feb 17 14:58:29 Staffserver /usr/sbin/serveradmin[17144]: servermgr_dhcp:bootp config:Error:Subnets '169.254 Ethernet 2' and '169.254 PCI Ethernet Slot 1, Port 2' have overlapping ranges: '169.254.0.2-169.254.255.253' overlaps '169.254.0.2-169.254.255.253' - '169.254 PCI Ethernet Slot 1, Port 2' is not active

Trouble is... when I look at the NICs in System Preferences they say no problems.  And additionally, the users claim it works "sometimes".
0
 
aschaef217Commented:
In OS X are all 4 of the Ethernet adapters set to DHCP?  It looks like to setup the bond correctly, all 4 physical adapters need to be set to DHCP, then you need to create a new virtual interface using the 4 NICs and assign your IP address to that virtual interface.  Lastly you want to set the service order and make sure that the virtual interface is above all of the physical NICs in the list.
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
aschaef217Commented:
My other question would be, how are these 4 ports aggregated on the switch side?
0
 
ParadiseITSAuthor Commented:
The ports are all set to DHCP -- however they all have the same IP address -- which seems suspect.  The virtual bonded NIC has a good (static) IP address.

I'm not sure about the switch side, I'll have to check.
0
 
aschaef217Commented:
According to the OS X configuration guides, all of the physical ports need to be set to DHCP.  The address they have is an automatic private IP address which is correct.  They should not have a valid IP address on any of the physical NICs, just the virtual interface. Can you verify that the virtual NIC has a gateway defined under the IP address settings.  Did you also confirm that the virtual bonded NIC interface is listed above the 4 physical NICs in the service order list:

To change the priority of a network port configuration:

Choose Apple menu > System Preferences and click Network.

Choose Set Service Order from the Action pop-up menu (looks like a gear).

Drag a service, such as Ethernet, to the top of the list.

Click OK, and then click Apply to make the new settings active.
0
 
ParadiseITSAuthor Commented:
Here is a copy of the config file from the 3COM Baseline 2948 switch.

I don't see anything amiss here -- and the log files do not show any issues with traffic passing through the ports in question (45-48).

Any thoughts?  I am checking the service load order, although this server hasn't actually restarted for over a year.
3comranger48.txt
0
 
ParadiseITSAuthor Commented:
So - just to confirm - in the Service Order List, my bonded adapter (4GB Mega Link) should be first in the list?  

Here is the list as it stands right now:
Built in Serial Port (1)
FireWire
Ethernet 1
Ethernet 2
PCI Ethernet Slot 1, Port 1
PCI Ethernet Slot 1, Port 2
4GB Mega Link

If I understood your post properly, it should actually read:
4GB Mega Link
Built in Serial Port (1)
FireWire
Ethernet 1
Ethernet 2
PCI Ethernet Slot 1, Port 1
PCI Ethernet Slot 1, Port 2
0
 
aschaef217Commented:
Yes, on the service order list you should have the 4GB Mega Link listed above all of the Ethernet adapters which are bonded. I will look over the switch config shortly.
0
 
ParadiseITSAuthor Commented:
Issue not resolved.
0
 
ParadiseITSAuthor Commented:
Issue not resolved.
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now