Possible DHCP issue with VPN clients

[Mike Barry]

We use Sonicwall products, and they've been working fine when
a user VPN's into a Sonicwall 2040 using Sonicwall's Global VPN
client.

For some reason, all of a sudden this client can't connect.
I'm writing here because I think it's a DHCP issue.

The client is obtaining a virtual IP from the DHCP server
that's on the Windows 2000 Domain Controller. (The DC has AD going,
a DNS server, and is the only DC - it's a small office).

The client successfully receives the IP, and then can't
connect to anything, nor can she ping anything. She's running XP Pro
Service Pack 2, and the firewall on her computer is turned off.

There are 2 odd things about this situation. One, *I* can
connect fine from my home, either from behind a Netgear NAT router
or plugging straight into the cable modem.

The second odd thing is that when she tries to connect and
fails, IF I delete her entry in the DHCP server she suddenly has
connectivity.

Like I said earlier, this problem popped up just recently.
She had been VPNing in fine before with the same setup. This
problem popped up before she installed Service Pack 2 for XP,
so that isn't the issue.

Any ideas? Thanks!

Mike

 

[ptwilliams]

Can you provide us with an ipconfig /all??

You might want to check both the binding order of the NICs (www and VPN
connections) and also the default gateway metrics on both. If you have a DG
on both NICs, you should endeavour to make the VPN connections gateway have
a higher (lower numerically) interface metric.

--

Paul Williams

http://www.msresource.net
http://forums.msresource.net
______________________________________


We use Sonicwall products, and they've been working fine when
a user VPN's into a Sonicwall 2040 using Sonicwall's Global VPN
client.

For some reason, all of a sudden this client can't connect.
I'm writing here because I think it's a DHCP issue.

The client is obtaining a virtual IP from the DHCP server
that's on the Windows 2000 Domain Controller. (The DC has AD going,
a DNS server, and is the only DC - it's a small office).

The client successfully receives the IP, and then can't
connect to anything, nor can she ping anything. She's running XP Pro
Service Pack 2, and the firewall on her computer is turned off.

There are 2 odd things about this situation. One, *I* can
connect fine from my home, either from behind a Netgear NAT router
or plugging straight into the cable modem.

The second odd thing is that when she tries to connect and
fails, IF I delete her entry in the DHCP server she suddenly has
connectivity.

Like I said earlier, this problem popped up just recently.
She had been VPNing in fine before with the same setup. This
problem popped up before she installed Service Pack 2 for XP,
so that isn't the issue.

Any ideas? Thanks!

Mike

 

[Mike Barry]

I'll get the ipconfig as soon as I can. I'm not sitting in
front of the machines having trouble now.

Thanks Paul

Mike

 

[Mike Barry]

Well, I think I may have fixed it. The client that was having
trouble hasn't been able to test it, but another person who could
not get in using the VPN client was able to connect after these
changes were made:

We changed the lease time of the scope to 8 days, changed the server
to assign addresses to both BOOTP and DHCP requests, and clicked the
radio button for “always update DNS” and the checkbox for “Enable
updates for DNS clients that do not support dynamic update.”

Here's a portion of the log from the client...

===============================
Starting ISAKMP phase 2 negotiation with
10.0.0.0/255.255.255.0:BOOTPC:BOOTPS:UDP.

Starting quick mode phase 2 exchange.

The SA lifetime for phase 2 is 28800 seconds.

Phase 2 with 10.0.0.0/255.255.255.0:BOOTPC:BOOTPS:UDP has completed.

Renewing IP address for the virtual interface (XX-XX-XX-XX-XX-XX).

The IP address for the virtual interface has changed to 10.0.0.102.

The system ARP cache has been flushed.
================================

Got any ideas as to why this could have fixed it?

Thanks!

Mike