Re: Exchange issue with browsing across IP Sec tunnel



Mitch,
We can only use above-200 MTU pings onto one of the networks; the other
ones won't pass, and our SonicWALLs seem fine. Not sure where to go from
here. Is there a setting in Windows possibly causing this?

"mitch Roberson" wrote:

Mike,

I was just talking with our network team and they reminded me of something.
We have occasionally seen a problem with IPSEC tunnels where the tunnel
looks like it is up but it is not. The negotiation did not fully complete;
when it is debugged you will see the errors. This is one possibility.

The other is delay on the tunnel. When you do a continuous ping with a
packet size of 1400, what are the delay times in milliseconds?

"Mike" <Mike@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DD251576-4BA0-4F47-9177-EE5883E23349@xxxxxxxxxxxxxxxx

I support a remote site, let's call it Site B. At Site B we use SonicWALL
IP Sec tunnels to connect 25 or so PCs and 3 servers (2 of which are 2000
DCs) to Site A. The client machines and servers use this tunnel from
Site B (192.168.44.0) to connect to Site A (192.168.1.0), which contains
additional DCs and our primary and only Exchange server.

Up until about a month ago everything worked fine between the sites and we
could replicate DNS etc. Client PCs could browse files on both sides using
UNC names or UNC IP mappings. Then it basically stopped working. Our tunnel
is up and connected and we can ping by name and IP address but are unable
to go beyond that.

The critical issue is that our Exchange server (Site A) is not at Site B
and now Outlook clients cannot connect to Exchange internally at Site B,
thus no email. DNS replication is also failing as the sites cannot connect
using AD synch either, so now AD is also not able to replicate changes from
site to site.

Site B geographically is 2000 miles from Site A so we are trying to get
this done remotely. We do have remote access in using IP mapping.

At this point we have spent countless hours on the phone getting no good
response from MS support, as we are also an MS partner. Additionally we
have replaced the SonicWALL appliance at Site B, added host files on all
PCs and several other steps with no good result. We have basically hit the
wall and have no idea what would be causing this issue. If anyone has any
suggestion or has experienced this before, it would greatly help us if any
suggestions could be made. I actually think it could be something very
simple but we are so far in we may not just see it.

We are stumped on this so any suggestions would be great!

Thanks
Mike



