Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 97
  • Last Modified:

Laptops will not move off vpn subnet

Since about last week some users are getting stuck on the vpn IP 10.144 and even if I restart or do a flush or renew, Im unable to get the users back on our normal subnet.

Does anyone know why this would happen?

Thank you,
Mark88
0
Mark O'Brien
Asked:
Mark O'Brien
  • 31
  • 18
  • 3
  • +1
3 Solutions
 
John HurstBusiness Consultant (Owner)Commented:
Try doing a TCP/IP reset (which is more than a lease renew)

Open cmd.exe with Run as Administrator.
Then netsch int ip reset c:\resetlog.txt
Also, ipconfig /flushdns followed by net stop dnscache followed by net start dnscache
Restart the computer and test.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
Any idea why this is suddenly happening?
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
If they're all on the same switch, what would that tell us?
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
John HurstBusiness Consultant (Owner)Commented:
Are you trying to run VPN internally? I don't usually do that unless creating VPN to an outside organiaztion. Where is the VPN connecting to?
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
EU's have to use vpn when not on the wire - like a meetings and such.
I dont know where the vpn "connects to".
0
 
John HurstBusiness Consultant (Owner)Commented:
Look and see if VPN is stuck on somehow and try the reset steps I outlined.
0
 
John HurstBusiness Consultant (Owner)Commented:
I think I understand better. User are not in the office, VPN to the office and then when they come back, the VPN is holding the network somehow.

Make sure your Office systems use DHCP and not static and try the complete reset as I suggested.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
I think some of them that's happening to when they come back in.
We are on dhcp.
It appears that the three Im looking at right now are all on the same switch as well: #2
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
I opened a work order in my name and the Director told me to put it the NW queue.  But they're still asking me to troubleshoot.
0
 
John HurstBusiness Consultant (Owner)Commented:
I think some of them that's happening to when they come back in.

What you are seeing is the computer keeping the old IP address I think. I have seen this before although not exactly as you are describing.

I want you to try the Full TCP/IP Reset and DNS flush as I have described.

I know you are having an issue, but without doing the troubleshooting steps, we don't have much chance.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
John, did all that and the laptop still has 10.144 vpn address when pinged.
0
 
John HurstBusiness Consultant (Owner)Commented:
some users are getting stuck on the vpn IP 10.144  <-- More than one user and test for one user above did not work.

So at this point, the VPN host must be damaged or otherwise misbehaving.  Can the VPN host be reset (or even rebuilt with respect to clients and addressing)?
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
I don't know. What does that entail?
0
 
John HurstBusiness Consultant (Owner)Commented:
I do not know what VPN you are using. I use hardware VPN and IPsec within the hardware VPN. No device EVER (in more than a decade across multiple clients) has retained the VPN address.

Are you using Microsoft VPN on a server?  There would be settings for it.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
I don't know.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
There's something wrong though.  I bet they would still have the 10.144 vpn if I uninstalled the vpn client!
0
 
John HurstBusiness Consultant (Owner)Commented:
You have multiple users with the same issue. Short of a virus outbreak, it would seem strange that some users have no issue and some users have an issue.

Take one problem machine, back it up and reinstall Windows. See if the problem persists. It could have been some issue with updates.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
Is there anybody else with an opinion too?
0
 
John HurstBusiness Consultant (Owner)Commented:
Since some (undetermined number of) machines work and some (undetermined number of) machines do not work with no rhyme or reason, and since we / you have done the TCP/IP testing and resets that always solves these issue in my experience, you are left with the following:

You need to look at the HOST VPN settings and logs. What happens in the log when a user connects?  And what happens when they disconnect?
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
All the users having the issue are on the same switch.  I think thats odd
0
 
John HurstBusiness Consultant (Owner)Commented:
That is brand new information since we started. All problems on one switch, no problems on other switches.

Reset or replace the switch and make sure the connection cabling is correct and intact.

Also remember about checking the VPN host.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
//Thats brand new information...//

Your Comment
Mark882014-11-17 at 11:14:23ID: 40447903
If they're all on the same switch, what would that tell us?
0
 
John HurstBusiness Consultant (Owner)Commented:
What is new is that the switch is the determining factor. I thought non-problem computers were using the same switch.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
Also, some on that switch have a connection but you cannot ping them.
Weird
0
 
John HurstBusiness Consultant (Owner)Commented:
The switch or connection to / from the switch is bad. A cable could have a loose connection in its plug. Any decent switch with good cables and connections is transparent.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
//The switch or connection to / from the switch is bad. A cable could have a loose connection in its plug. Any decent switch with good cables and connections is transparent.//

John, sorry, not sure what that means.
0
 
John HurstBusiness Consultant (Owner)Commented:
A switch that works properly will not interfere with pings or any other traffic.. Cables need to be good on every wire. A mis-crimped end could cause traffic disruptions.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
Nothing's been crimped/changed since Ive been here 6 mos.
0
 
John HurstBusiness Consultant (Owner)Commented:
Two things:

1. A switch can go bad. Happens fairly frequently.
2. A loose crimp a year ago can oxidize today.

In this thread you focused on the computers It apparently is not the computers.  I have asked about the HOST VPN and you said you didn't know. Someone in your organization should be tasked with finding out. And then, you cannot talk your way out of hardware problems.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
Im still waiting to see what the server team wants to do.  
Im pretty sure they'll want to try another switch too
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
Still waiting for my server team.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
Still waiting.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
Ok they put the request back into my queue. :(
0
 
giltjrCommented:
---> EU's have to use vpn when not on the wire - like a meetings and such.

Have you done a "ipconfig /all" ?  My guess is that if you did you would see the wired connection with the correct IP address and then you would see the VPN connection with the 10.144 connection.  I am assuming that the VPN software is connecting to the VPN server no matter which "physical" connection (wired or wireless) connection the laptop has.
0
 
Gerwin Jansen, EE MVETopic Advisor Commented:
>> All the users having the issue are on the same switch
Try and get one of the users that has the issue, connected to another user's connection that does not have the issue. This to determine wheter you have a problem with that specific switch. Get a long cable or move the laptop of a user with the issue to the (docking) connection of a user that does not have the problem.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
Gerwin, not sure what you're asking.
0
 
Gerwin Jansen, EE MVETopic Advisor Commented:
I'm suggesting that you connect one of the laptops that is having the issue to an outlet (port) of one that is not having the issue.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
Oh ok.  Gotchya.  I'll see if they have time.  I work in the finance/tax office and theyre never available it seems
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
Ok a NW tech said Checkpoint VPN has an issue where it wont let go of the 10.144 IP even after you disconnect.
0
 
Gerwin Jansen, EE MVETopic Advisor Commented:
Good to hear you've had someone pinpoint the issue, hope they can fix it for you as well.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
We're testing a new vpn - cisco anyconnect.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
testing
0
 
John HurstBusiness Consultant (Owner)Commented:
Please let us know about results. This thread is now old so that there have been cycles of Windows Updates, Cisco firmware updates (on my Cisco boxes) and so on.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
Not sure when the cisco will roll out.  Just waiting
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for Mark88's comment #a40584969

for the following reason:

NW admins let me know about this long after I opened the question.  No much I can do about it.
0
 
John HurstBusiness Consultant (Owner)Commented:
@Mark88 - despite the fact this is a long question, there is no solution in this case and so the question must be deleted.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
Not sure what to say.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
Wouldnt deleting the question deny people from seeing that the answer is that the check point vpn is the problem?
0
 
John HurstBusiness Consultant (Owner)Commented:
If you see our posts assisting you, then you can accept your answer for 0 points plus assist points to those posts that helped you. This will keep the question and point readers to what helped you.
0
 
John HurstBusiness Consultant (Owner)Commented:
@Mark88  - Thank you indeed for following up. I appreciate that.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
please close
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
ok to closee
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
So the final answer is that check point wont release the ip even after the end user disconnects it.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 31
  • 18
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now