When data passes over our VPN tunnel, any outside users get cut off

We have a VPN tunnel configured to pass our labs through to a lab company; the tunnel is bidirectional. Its purpose is to go from one host to our one host and back. It is set up with NATing as well.

I believe the tunnel is set up correctly and it is supposed to only communicate back to our Database/DC at 192.168.1.5

We have a terminal server at 192.168.1.2, which most of the users on the internal LAN network remote into to do work in the applications.

We have configured Remote Access SSL through the VPN client for our staff to work from home, in which they connect to the VPN, then RDP into the terminal server (.2). I also have Team Viewer set up on the Terminal server/Database(dc)/XRAY/a few other computers.

The tunnel is fine but during the day, when labs pass through, all of a sudden connectivity for anyone on the Remote Access is lost to the terminal server. I also lose all my team viewer hosts, except the database server. Users can also RDP to the database server while in the VPN client, but you can't even ping the terminal server. Internally (behind the LAN), everything is working fine and no one notices anything. Outside of the internal network, everyone gets disconnected.

I am not sure if this is a tunneling issue or a firewall policy issue, could someone assist me please?

I should also add that connectivity is down permanently, until I bounce the tunnel.


Thank you!



  • Okay so I am seeing Firewall Rule 2, blocking traffic coming from that IP address in the tunnel.

    The source and destination is supposed to be 192.168.1.5 and 156.30.21.202 (NATed address), traffic going both ways. Is the firewall blocking it causing the network to act weird?

  • Daniel,

    go to Firewall and you can see the ID next to the Policy Rule name.

    Have a look at the screenshot.

  • Rule 2 states:

    Drop any service going to any zone, when in any zone, and coming from any network, then apply log connections.

    This is a default rule, isn't it? It's at the bottom of the firewall order list.

  • Daniel,

    make sure the proper Firewall Rules exist to allow traffic back and forth between VPN and LAN resources.

    Traffic that does not match any rule will be dropped by rule id 2 (in your case).

  • Can you assist with those rules? I have two rules in place for it, but I am not sure they are configured correctly.

    Would this cause remote access users to lose connectivity to our terminal server like it does? It feels like a network collision of some sort.

  • These are the rules I have in place.

    Quest Diagnostics is the Quest host, AMHS-DB1 is the internal network IP of the Database server, and AMHS-DB1-InsideGlobal 4 quest is the NATed address of our DB server.

  • Daniel, all seems good. Some tips:

    • Make sure to not use "any service" inside the Policy Rule managing the tunnel
    • Check the reports to see how much bandwidth is consumed during the peak time
    • Apply a proper QoS on both Rules and see if the situation improves
  • Hello Luk,

    I applied the QoS to each firewall policy, applied the QoS in general for the system services to total only the outgoing, applied a specific service to the policy rule (TCP to a specific port) but we still lose connectivity to the Terminal server once the VPN goes on and data is passing through.

    What further troubleshooting can I perform?

  • Daniel,

    Can you share the policy you have created?

  • At this point, I am not even sure the VPN tunnel has been configured correctly. I checked the logs as you showed me and there really aren't any more traffic spikes.

    I have:

    Outside company VPN Out

    Source

    Source Zones - LAN

    Source Networks & devices - DB1, DB1-Inside-Global-4-Outsidecompany (I believe the global is the NATed address of my DB server)

    Schedule - All the Time

    Destination & Services

    Destination Zones - VPN

    Destination Networks - Outside Company (The NATed host on their end)

    Services: TCP-55443, TCP-59536

    Advanced

    Traffic Shaping Policy - Extremely Limited

    --------------

    Outside Company VPN Access

    Source

    Source Zones - VPN

    Source Network & Devices - Outside company (the NATed host on their end)

    Schedule - All the time

    Destination & services

    Destination zones - LAN

    Destination Networks - DB1, DB1-Inside-Global-4-Outsidecompany (I believe the global is the NATed address of my DB server)

    Services: TCP-55443, TCP-59536

    Advanced

    Traffic Shaping Policy - Extremely Limited
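The two policies listed above, plus the final drop rule (id 2) discussed earlier in the thread, modelled as an added example (not code from the thread or from Sophos) that runs first-match evaluation over sample flows to show which ones never hit an accept rule. Host objects use the addresses named in the posts; the SSL VPN client pool, the port used for RDP (3389) and the omission of the NATed DB1 alias (its address is not given in the thread) are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Objects from the thread; the SSL VPN client pool is an assumed sample value.
HOSTS = {
    "DB1": ip_network("192.168.1.5/32"),             # Database/DC
    "TerminalServer": ip_network("192.168.1.2/32"),  # where remote users RDP to
    "OutsideCompany": ip_network("156.30.21.202/32"),  # NATed lab host
    "SSLVPN-Pool": ip_network("10.81.234.0/24"),      # assumed remote-access pool
}


@dataclass
class Rule:
    name: str
    src_zones: set   # empty set means "Any"
    dst_zones: set
    src_nets: list   # list of ip_network objects, empty means "Any"
    dst_nets: list
    services: set    # (proto, port) tuples, empty means "Any"
    action: str

    def matches(self, src_zone, dst_zone, src_ip, dst_ip, proto, port):
        return ((not self.src_zones or src_zone in self.src_zones)
                and (not self.dst_zones or dst_zone in self.dst_zones)
                and (not self.src_nets or any(src_ip in n for n in self.src_nets))
                and (not self.dst_nets or any(dst_ip in n for n in self.dst_nets))
                and (not self.services or (proto, port) in self.services))


# Rule order as in the thread: the two tunnel policies, then the catch-all drop.
RULES = [
    Rule("Outside company VPN Out", {"LAN"}, {"VPN"}, [HOSTS["DB1"]],
         [HOSTS["OutsideCompany"]], {("tcp", 55443), ("tcp", 59536)}, "accept"),
    Rule("Outside Company VPN Access", {"VPN"}, {"LAN"}, [HOSTS["OutsideCompany"]],
         [HOSTS["DB1"]], {("tcp", 55443), ("tcp", 59536)}, "accept"),
    Rule("Rule 2 (default drop)", set(), set(), [], [], set(), "drop"),
]


def evaluate(src_zone, dst_zone, src_ip, dst_ip, proto, port, rules=RULES):
    """First-match evaluation: return (rule name, action) of the first rule the flow hits."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for r in rules:
        if r.matches(src_zone, dst_zone, src, dst, proto, port):
            return r.name, r.action
    return None, "drop"  # no rule matched at all; treat as implicit drop
```

Running a remote-access user's RDP flow (VPN zone, assumed pool address, to 192.168.1.2 on tcp/3389) through `evaluate` shows it reaching rule 2, while the lab traffic to DB1 on the two listed ports is accepted by the named policies.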