Solved

Laptops will not move off vpn subnet

Posted on 2014-11-17
55
82 Views
Last Modified: 2015-03-14
Since about last week some users are getting stuck on the vpn IP 10.144 and even if I restart or do a flush or renew, Im unable to get the users back on our normal subnet.

Does anyone know why this would happen?

Thank you,
Mark88
0
Comment
Question by:Mark88
  • 31
  • 18
  • 3
  • +1
55 Comments
 
LVL 90

Expert Comment

by:John Hurst
ID: 40447889
Try doing a TCP/IP reset (which is more than a lease renew)

Open cmd.exe with Run as Administrator.
Then netsch int ip reset c:\resetlog.txt
Also, ipconfig /flushdns followed by net stop dnscache followed by net start dnscache
Restart the computer and test.
0
 

Author Comment

by:Mark88
ID: 40447897
Any idea why this is suddenly happening?
0
 

Author Comment

by:Mark88
ID: 40447903
If they're all on the same switch, what would that tell us?
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40447920
Are you trying to run VPN internally? I don't usually do that unless creating VPN to an outside organiaztion. Where is the VPN connecting to?
0
 

Author Comment

by:Mark88
ID: 40447930
EU's have to use vpn when not on the wire - like a meetings and such.
I dont know where the vpn "connects to".
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40447945
Look and see if VPN is stuck on somehow and try the reset steps I outlined.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40447955
I think I understand better. User are not in the office, VPN to the office and then when they come back, the VPN is holding the network somehow.

Make sure your Office systems use DHCP and not static and try the complete reset as I suggested.
0
 

Author Comment

by:Mark88
ID: 40449991
I think some of them that's happening to when they come back in.
We are on dhcp.
It appears that the three Im looking at right now are all on the same switch as well: #2
0
 

Author Comment

by:Mark88
ID: 40449995
I opened a work order in my name and the Director told me to put it the NW queue.  But they're still asking me to troubleshoot.
0
 
LVL 90

Accepted Solution

by:
John Hurst earned 500 total points
ID: 40450003
I think some of them that's happening to when they come back in.

What you are seeing is the computer keeping the old IP address I think. I have seen this before although not exactly as you are describing.

I want you to try the Full TCP/IP Reset and DNS flush as I have described.

I know you are having an issue, but without doing the troubleshooting steps, we don't have much chance.
0
 

Author Comment

by:Mark88
ID: 40451196
John, did all that and the laptop still has 10.144 vpn address when pinged.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40451364
some users are getting stuck on the vpn IP 10.144  <-- More than one user and test for one user above did not work.

So at this point, the VPN host must be damaged or otherwise misbehaving.  Can the VPN host be reset (or even rebuilt with respect to clients and addressing)?
0
 

Author Comment

by:Mark88
ID: 40451380
I don't know. What does that entail?
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40451388
I do not know what VPN you are using. I use hardware VPN and IPsec within the hardware VPN. No device EVER (in more than a decade across multiple clients) has retained the VPN address.

Are you using Microsoft VPN on a server?  There would be settings for it.
0
 

Author Comment

by:Mark88
ID: 40451469
I don't know.
0
 

Author Comment

by:Mark88
ID: 40451470
There's something wrong though.  I bet they would still have the 10.144 vpn if I uninstalled the vpn client!
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40452019
You have multiple users with the same issue. Short of a virus outbreak, it would seem strange that some users have no issue and some users have an issue.

Take one problem machine, back it up and reinstall Windows. See if the problem persists. It could have been some issue with updates.
0
 

Author Comment

by:Mark88
ID: 40452561
Is there anybody else with an opinion too?
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40453080
Since some (undetermined number of) machines work and some (undetermined number of) machines do not work with no rhyme or reason, and since we / you have done the TCP/IP testing and resets that always solves these issue in my experience, you are left with the following:

You need to look at the HOST VPN settings and logs. What happens in the log when a user connects?  And what happens when they disconnect?
0
 

Author Comment

by:Mark88
ID: 40453121
All the users having the issue are on the same switch.  I think thats odd
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40453138
That is brand new information since we started. All problems on one switch, no problems on other switches.

Reset or replace the switch and make sure the connection cabling is correct and intact.

Also remember about checking the VPN host.
0
 

Author Comment

by:Mark88
ID: 40453169
//Thats brand new information...//

Your Comment
Mark882014-11-17 at 11:14:23ID: 40447903
If they're all on the same switch, what would that tell us?
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40453186
What is new is that the switch is the determining factor. I thought non-problem computers were using the same switch.
0
 

Author Comment

by:Mark88
ID: 40453397
Also, some on that switch have a connection but you cannot ping them.
Weird
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40453418
The switch or connection to / from the switch is bad. A cable could have a loose connection in its plug. Any decent switch with good cables and connections is transparent.
0
 

Author Comment

by:Mark88
ID: 40453487
//The switch or connection to / from the switch is bad. A cable could have a loose connection in its plug. Any decent switch with good cables and connections is transparent.//

John, sorry, not sure what that means.
0
New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

 
LVL 90

Expert Comment

by:John Hurst
ID: 40453499
A switch that works properly will not interfere with pings or any other traffic.. Cables need to be good on every wire. A mis-crimped end could cause traffic disruptions.
0
 

Author Comment

by:Mark88
ID: 40453909
Nothing's been crimped/changed since Ive been here 6 mos.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40453917
Two things:

1. A switch can go bad. Happens fairly frequently.
2. A loose crimp a year ago can oxidize today.

In this thread you focused on the computers It apparently is not the computers.  I have asked about the HOST VPN and you said you didn't know. Someone in your organization should be tasked with finding out. And then, you cannot talk your way out of hardware problems.
0
 

Author Comment

by:Mark88
ID: 40462331
Im still waiting to see what the server team wants to do.  
Im pretty sure they'll want to try another switch too
0
 

Author Comment

by:Mark88
ID: 40469173
Still waiting for my server team.
0
 

Author Comment

by:Mark88
ID: 40490190
Still waiting.
0
 

Author Comment

by:Mark88
ID: 40515261
Ok they put the request back into my queue. :(
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40538645
---> EU's have to use vpn when not on the wire - like a meetings and such.

Have you done a "ipconfig /all" ?  My guess is that if you did you would see the wired connection with the correct IP address and then you would see the VPN connection with the 10.144 connection.  I am assuming that the VPN software is connecting to the VPN server no matter which "physical" connection (wired or wireless) connection the laptop has.
0
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40539065
>> All the users having the issue are on the same switch
Try and get one of the users that has the issue, connected to another user's connection that does not have the issue. This to determine wheter you have a problem with that specific switch. Get a long cable or move the laptop of a user with the issue to the (docking) connection of a user that does not have the problem.
0
 

Author Comment

by:Mark88
ID: 40549532
Gerwin, not sure what you're asking.
0
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40549856
I'm suggesting that you connect one of the laptops that is having the issue to an outlet (port) of one that is not having the issue.
0
 

Author Comment

by:Mark88
ID: 40549909
Oh ok.  Gotchya.  I'll see if they have time.  I work in the finance/tax office and theyre never available it seems
0
 

Assisted Solution

by:Mark88
Mark88 earned 0 total points
ID: 40584969
Ok a NW tech said Checkpoint VPN has an issue where it wont let go of the 10.144 IP even after you disconnect.
0
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40585077
Good to hear you've had someone pinpoint the issue, hope they can fix it for you as well.
0
 

Author Comment

by:Mark88
ID: 40585094
We're testing a new vpn - cisco anyconnect.
0
 

Author Comment

by:Mark88
ID: 40628981
testing
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40629135
Please let us know about results. This thread is now old so that there have been cycles of Windows Updates, Cisco firmware updates (on my Cisco boxes) and so on.
0
 

Author Comment

by:Mark88
ID: 40642771
Not sure when the cisco will roll out.  Just waiting
0
 

Author Comment

by:Mark88
ID: 40650398
I've requested that this question be closed as follows:

Accepted answer: 0 points for Mark88's comment #a40584969

for the following reason:

NW admins let me know about this long after I opened the question.  No much I can do about it.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40650399
@Mark88 - despite the fact this is a long question, there is no solution in this case and so the question must be deleted.
0
 

Author Comment

by:Mark88
ID: 40652167
Not sure what to say.
0
 

Author Comment

by:Mark88
ID: 40654106
Wouldnt deleting the question deny people from seeing that the answer is that the check point vpn is the problem?
0
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 500 total points
ID: 40654124
If you see our posts assisting you, then you can accept your answer for 0 points plus assist points to those posts that helped you. This will keep the question and point readers to what helped you.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40654154
@Mark88  - Thank you indeed for following up. I appreciate that.
0
 

Author Comment

by:Mark88
ID: 40657657
please close
0
 

Author Comment

by:Mark88
ID: 40663319
ok to closee
0
 

Author Closing Comment

by:Mark88
ID: 40664867
So the final answer is that check point wont release the ip even after the end user disconnects it.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now