Solved

AT&T Managed VPN works one way

Posted on 2014-12-18
20
113 Views
Last Modified: 2014-12-26
We have an AT&T managed VPN between 2 office locations.  Location A uses 192.168.1.0.  Location B uses 192.168.2.0.  All of the sudden, traffic cannot travel from A to B, but CAN travel from B to A.  We can resolve names from A to B, but any attempts to ping or tracert items in B stop at the B gateway (192.168.2.1).  Any ideas?
0
Comment
Question by:BullfrogSoftware
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 5
  • 5
20 Comments
 
LVL 3

Expert Comment

by:vipelite
ID: 40507715
What type of devices in question?
0
 
LVL 1

Author Comment

by:BullfrogSoftware
ID: 40507718
the endpoints are AT&T provided cisco routers.  The network is an SBS managed (DNS, Active Directory) Windows network.
0
 
LVL 11

Expert Comment

by:rharland2009
ID: 40507725
Is the 192.168.2.1 address @ the B side the LAN interface of the ATT router?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:BullfrogSoftware
ID: 40507741
Yes:

A (192.168.1.0) -> Gateway 192.168.1.1 -- VPN -- Gateway 192.168.2.1 -> B (192.168.2.0)

B can ping or map devices all the way through to A (i.e. printer at 192.168.1.151)
A cannot ping or map devices all the way through to B (pings, tracerts stop at gateway (192.168.2.1))
0
 
LVL 11

Expert Comment

by:rharland2009
ID: 40507746
Do you have CLI access to these routers? Most ATT managed offerings don't include that, but on the router is a logical place to start troubleshooting.
0
 
LVL 1

Author Comment

by:BullfrogSoftware
ID: 40507754
Here is the main problem.  No access to the router interface.  Ticket submitted to ATT resulted in 'Our interfaces are all up, sorry'
0
 
LVL 11

Expert Comment

by:rharland2009
ID: 40507762
Okay. Are the LANs at the two locations just flat /24s? In other words, is the LAN interface of the ATT router in the same subnet as all devices at each location?
0
 
LVL 1

Author Comment

by:BullfrogSoftware
ID: 40507771
Yes, for an example:

Location A
Gateway (192.168.1.1)
Computer (192.168.1.2)
Printer (1982.168.1.3)

Location B
Gateway (192.168.2.1)
Computer (192.168.2.2)
Printer (1982.168.2.3)
0
 
LVL 11

Expert Comment

by:rharland2009
ID: 40507784
Ok, great. Do you have visibility into the LAN at each location? That is, is there a managed switch you can access?

I'm guessing depending on your location, it might be tough to see B's LAN at this point.
0
 
LVL 3

Expert Comment

by:vipelite
ID: 40508056
Is the VPN on the At&t Managed router?
0
 
LVL 1

Author Comment

by:BullfrogSoftware
ID: 40508071
Yes. The VPN is att managed.
0
 
LVL 3

Accepted Solution

by:
vipelite earned 500 total points
ID: 40508121
Power off/on
0
 
LVL 1

Author Comment

by:BullfrogSoftware
ID: 40508167
We have visibility.  I have remotes to units on both sides.
0
 
LVL 3

Expert Comment

by:vipelite
ID: 40508198
Provide: show ip route on B side where the gateway is failing.
0
 
LVL 1

Author Comment

by:BullfrogSoftware
ID: 40508230
Route tables:

Side A
-------------

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 13 72 5f cd 9d ...... Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.7      1
      25.29.221.0    255.255.255.0      192.168.1.5      192.168.1.7      1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.1.0    255.255.255.0      192.168.1.7      192.168.1.7     20
      192.168.1.7  255.255.255.255        127.0.0.1        127.0.0.1     20
    192.168.1.255  255.255.255.255      192.168.1.7      192.168.1.7     20
        224.0.0.0        240.0.0.0      192.168.1.7      192.168.1.7     20
  255.255.255.255  255.255.255.255      192.168.1.7      192.168.1.7      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      25.29.221.0    255.255.255.0      192.168.1.5       1

Side B
---------

Interface List
 11...f8 bc 12 8e 9a 66 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.123    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link     192.168.2.123    276
    192.168.2.123  255.255.255.255         On-link     192.168.2.123    276
    192.168.2.255  255.255.255.255         On-link     192.168.2.123    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.2.123    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.2.123    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.2.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    276 fe80::/64                On-link
 11    276 fe80::28b9:9b3f:6e31:4254/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
0
 
LVL 3

Expert Comment

by:vipelite
ID: 40508245
These are actual PCs route prints. One thing I see A vs B is persistent route that has been added on A side. Also, IPv6 is enabled on B side, you might as well turn that off could cause unwanted issues. Find out what that persistent route is for. You may need to add it on B side possibly VPN?
0
 
LVL 1

Author Comment

by:BullfrogSoftware
ID: 40509530
The persistent route was an old server, and has been removed.  No effect on the problem.  I will also add that we power cycled the devices at both endpoints.
0
 
LVL 11

Expert Comment

by:rharland2009
ID: 40509548
Going back a little, when you say you can resolve names from A to B - does the name resolution occur at site A or site B?
What does a tracert from site B to site A look like? What does a tracert from site A to site B look like? Can you show us?
0
 
LVL 1

Author Comment

by:BullfrogSoftware
ID: 40519336
It is going to be one of those issues that is never really answered.  Reboots of the ATT endpoints resolved the issue.
0
 
LVL 1

Author Closing Comment

by:BullfrogSoftware
ID: 40519337
Sometimes simple is best.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
catalyst 6500 - recover from corrupted IOS 4 69
Comcast Static IP Addresses 13 158
DHCP Lease/Reservations 3 34
data internet through mobile 14 40
As dyndns has reduced the capabilities of the free service, I looked around for other free providers of Dynamic DNS service. After testing several I decided to move my DNS hosting to Hurricane Electric as then domains that require dynamic hostnam…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question