Re: Exchange issue with browsing accross IP Sec tunnel

Tech-Archive recommends: Fix windows errors by optimizing your registry

Mike

I was just talking with our network team and they reminded me of something.
We have occasionally seen a problem with IPSEC tunnels where the tunnel
looks like it is up but it is not. the negotiation did not fully complete
when it is debugged you will see the errors. this is one possibility

the other is delay on the tunnel when you do a continous ping with a packet
size of 1400 what are the delay times in Milliseconds?
"Mike" <Mike@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DD251576-4BA0-4F47-9177-EE5883E23349@xxxxxxxxxxxxxxxx
I support a remote site lets call it site B. At site B we use sonicwall IP
Sec tunnels to connect 25 or so pcs and 3 servers (2 of which are 2000
DC's),
to site A. The client machines and servers use this tunnel from a Site B
(192.168.44.0) to connect Site A (192.168.1.0) which contains additional
DC's
and our primary and only exchange server.

Up until about a month ago everything worked fine between the sites and we
could replicate DNS etc client pcs could browse files on both sides using
unc
names or unc ip mappings. Then it basically stopped working, our tunnel
is
up and connected and we can pint by name and IP address but are unable to
go
beyond that.

The critical issue is that our exchange server (Site A) is not at site B
and
now outlook clients cannot connect to exchange internally at Site B thus
no
email. DNS replication is also failing as they sites cannot connect using
AD
synch either, so now AD is also not able to replicate changes from site to
site.
Site B geographically is 2000 miles from Site A so we are trying to get
this
done remotely. We do have remote access in using IP mapping.

At this point we have spent countless hours on phone getting no good
response from MS support as we are also a MS partner. Additionally we
have
replaced the soncicwall appliance at site B, added host files on all pcs
and
several other steps with no good result. We have basically hit the wall
and
have no idea what would be causing this issue. If anyone has any
suggestion
or has experienced this before it would greatly help us if any suggestions
could be made. I actually think it could be something very simple but we
are
so far in we may not just see it.

We are stumped on this so any suggestions would be great!

Thanks
Mike



.

Relevant Pages

  • Re: VPN versus Terminal Server for remote workers
    ... call a 'cell phone' we call a 'mobile', ... Windows VPN client, Windows Mobile VPN client, or a 3rd party VPN client. ... It is tunnel to the appliance or nothing. ...
    (microsoft.public.windows.server.sbs)
  • Re: [fw-wiz] VPN Split-tunneling: Your opinion?
    ... Do you consider a split-tunnel setup to be particularly risky to allow ... I think, for client VPN configurations, that split tunnel versus full tunnel ...
    (Firewall-Wizards)
  • Re: VPN: Router-to-Router or Client-to-Router??
    ... Or even plain old XP client at the remotes??? ... Can the DFL-200 allow a remote site to have a URL instead of IP? ... > create the tunnel on other OS's. ... >> CONS: ...
    (comp.dcom.vpn)
  • Re: Pix site to site and client VPN
    ... I can't figure out why the client tunnel will not work when the site to ... crypto map outside_map 20 match address outside_cryptomap_20 ... isakmp policy 10 authentication pre-share ...
    (comp.dcom.sys.cisco)
  • FreeS/WAN - Routing all traffic (0.0.0.0) through a client tunnel
    ... the client to forward ALL traffic through the tunnel? ... I have experience with this type of configuration using a Nortel ... but have never tried it with freeswan. ... anything that comes in through the tunnel is dumped out ...
    (comp.os.linux.security)