Solved

AT&T Managed VPN works one way

Posted on 2014-12-18
Last Modified: 2014-12-26
We have an AT&T managed VPN between 2 office locations.  Location A uses 192.168.1.0.  Location B uses 192.168.2.0.  All of a sudden, traffic cannot travel from A to B, but CAN travel from B to A.  We can resolve names from A to B, but any attempts to ping or tracert items in B stop at the B gateway (192.168.2.1).  Any ideas?
Question by:BullfrogSoftware
20 Comments
 
LVL 3

Expert Comment

by:vipelite
ID: 40507715
What type of devices are in question?
0
 
LVL 1

Author Comment

by:BullfrogSoftware
ID: 40507718
The endpoints are AT&T-provided Cisco routers.  The network is an SBS managed (DNS, Active Directory) Windows network.
0
 
LVL 11

Expert Comment

by:rharland2009
ID: 40507725
Is the 192.168.2.1 address @ the B side the LAN interface of the ATT router?
0
 
LVL 1

Author Comment

by:BullfrogSoftware
ID: 40507741
Yes:

A (192.168.1.0) -> Gateway 192.168.1.1 -- VPN -- Gateway 192.168.2.1 -> B (192.168.2.0)

B can ping or map devices all the way through to A (i.e. printer at 192.168.1.151)
A cannot ping or map devices all the way through to B (pings, tracerts stop at gateway (192.168.2.1))
0
 
LVL 11

Expert Comment

by:rharland2009
ID: 40507746
Do you have CLI access to these routers? Most ATT managed offerings don't include that, but on the router is a logical place to start troubleshooting.
0
 
LVL 1

Author Comment

by:BullfrogSoftware
ID: 40507754
Here is the main problem.  No access to the router interface.  Ticket submitted to ATT resulted in 'Our interfaces are all up, sorry'
0
 
LVL 11

Expert Comment

by:rharland2009
ID: 40507762
Okay. Are the LANs at the two locations just flat /24s? In other words, is the LAN interface of the ATT router in the same subnet as all devices at each location?
0
 
LVL 1

Author Comment

by:BullfrogSoftware
ID: 40507771
Yes, for an example:

Location A
Gateway (192.168.1.1)
Computer (192.168.1.2)
Printer (192.168.1.3)

Location B
Gateway (192.168.2.1)
Computer (192.168.2.2)
Printer (192.168.2.3)
0
 
LVL 11

Expert Comment

by:rharland2009
ID: 40507784
Ok, great. Do you have visibility into the LAN at each location? That is, is there a managed switch you can access?

I'm guessing depending on your location, it might be tough to see B's LAN at this point.
0
 
LVL 3

Expert Comment

by:vipelite
ID: 40508056
Is the VPN on the AT&T managed router?
0
 
LVL 1

Author Comment

by:BullfrogSoftware
ID: 40508071
Yes. The VPN is ATT managed.
0
 
LVL 3

Accepted Solution

by:
vipelite earned 500 total points
ID: 40508121
Power off/on
0
 
LVL 1

Author Comment

by:BullfrogSoftware
ID: 40508167
We have visibility.  I have remotes to units on both sides.
0
 
LVL 3

Expert Comment

by:vipelite
ID: 40508198
Provide: show ip route on B side where the gateway is failing.
0
 
LVL 1

Author Comment

by:BullfrogSoftware
ID: 40508230
Route tables:

Side A
-------------

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 13 72 5f cd 9d ...... Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.7      1
      25.29.221.0    255.255.255.0      192.168.1.5      192.168.1.7      1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.1.0    255.255.255.0      192.168.1.7      192.168.1.7     20
      192.168.1.7  255.255.255.255        127.0.0.1        127.0.0.1     20
    192.168.1.255  255.255.255.255      192.168.1.7      192.168.1.7     20
        224.0.0.0        240.0.0.0      192.168.1.7      192.168.1.7     20
  255.255.255.255  255.255.255.255      192.168.1.7      192.168.1.7      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      25.29.221.0    255.255.255.0      192.168.1.5       1

Side B
---------

Interface List
 11...f8 bc 12 8e 9a 66 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.123    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link     192.168.2.123    276
    192.168.2.123  255.255.255.255         On-link     192.168.2.123    276
    192.168.2.255  255.255.255.255         On-link     192.168.2.123    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.2.123    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.2.123    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.2.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    276 fe80::/64                On-link
 11    276 fe80::28b9:9b3f:6e31:4254/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
0
 
LVL 3

Expert Comment

by:vipelite
ID: 40508245
These are the actual PCs' route prints. One thing I see in A vs. B is a persistent route that has been added on the A side. Also, IPv6 is enabled on the B side; you might as well turn that off, as it could cause unwanted issues. Find out what that persistent route is for. You may need to add it on the B side, possibly for the VPN?
0
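An added example, not part of the original thread: a Python sketch that reads the Active Routes rows of the two `route print` outputs posted above and reports which next hop each PC uses for a given destination. The sample rows are abridged from those outputs, and the names `parse_routes` and `next_hop` are assumptions of this example.

```python
import ipaddress

# Constructed sample: Active Routes rows abridged from the thread's route prints.
SIDE_A = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.7      1
      25.29.221.0    255.255.255.0      192.168.1.5      192.168.1.7      1
      192.168.1.0    255.255.255.0      192.168.1.7      192.168.1.7     20
"""
SIDE_B = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.123    276
      192.168.2.0    255.255.255.0         On-link     192.168.2.123    276
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # headers, separators, persistent and IPv6 rows
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}")
            metric = int(fields[4])
        except ValueError:
            continue
        routes.append((net, fields[2], fields[3], metric))
    return routes

def next_hop(routes, dest):
    """Longest-prefix match, lowest metric as tie-breaker."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r[0]]
    if not hits:
        return None
    net, gw, iface, metric = max(hits, key=lambda r: (r[0].prefixlen, -r[3]))
    # Older Windows prints the interface address as the gateway of on-link routes.
    return "on-link" if gw in ("On-link", iface) else gw

if __name__ == "__main__":
    print("A -> 192.168.2.2   via", next_hop(parse_routes(SIDE_A), "192.168.2.2"))
    print("B -> 192.168.1.151 via", next_hop(parse_routes(SIDE_B), "192.168.1.151"))
```

On the posted tables, each PC sends traffic for the other site to its own default gateway (192.168.1.1 on A, 192.168.2.1 on B), so neither host table has a more specific route for the remote subnet.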
 
LVL 1

Author Comment

by:BullfrogSoftware
ID: 40509530
The persistent route was an old server, and has been removed.  No effect on the problem.  I will also add that we power cycled the devices at both endpoints.
0
 
LVL 11

Expert Comment

by:rharland2009
ID: 40509548
Going back a little, when you say you can resolve names from A to B - does the name resolution occur at site A or site B?
What does a tracert from site B to site A look like? What does a tracert from site A to site B look like? Can you show us?
0
 
LVL 1

Author Comment

by:BullfrogSoftware
ID: 40519336
It is going to be one of those issues that is never really answered.  Reboots of the ATT endpoints resolved the issue.
0
 
LVL 1

Author Closing Comment

by:BullfrogSoftware
ID: 40519337
Sometimes simple is best.
0

Question has a verified solution.