When data passes over our VPN tunnel, any outside users get cut off

We have a VPN tunnel configured to pass our labs through to a lab company; the tunnel is bidirectional. Its purpose is to go from one host to our one host and back. It is set up with NATting as well.

I believe the tunnel is set up correctly and it is supposed to only communicate back to our Database/DC at 192.168.1.5

We have a terminal server at 192.168.1.2, which most of the users on the internal LAN network remote into to do work in the applications.

We have configured Remote Access SSL through the VPN client for our staff to work from home, in which they connect to the VPN, then RDP into the terminal server (.2). I also have TeamViewer set up on the terminal server/database (DC)/X-ray/a few other computers.

The tunnel is fine, but during the day, when labs pass through, all of a sudden connectivity for anyone on the Remote Access is lost to the terminal server. I also lose all my TeamViewer hosts, except the database server. Users can also RDP to the database server while in the VPN client, but you can't even ping the terminal server. Internally (behind the LAN), everything is working fine and no one notices anything. Outside of the internal network, everyone gets disconnected.

I am not sure if this is a tunneling issue or a firewall policy issue, could someone assist me please?

I should also add that connectivity is down permanently, until I bounce the tunnel.


Thank you!



  • Daniel,

    Do you have some interesting log about this behavior?

    Thanks

  • I'm not sure where specifically to look; I have viewed some of the log files but I can't really determine what's causing it.

  • Hello Luk,

    I applied the QoS to each firewall policy, applied the QoS in general for the system services to total only the outgoing, and applied a specific service to the policy rule (TCP to a specific port), but we still lose connectivity to the terminal server once the VPN goes on and data is passing through.

    What further troubleshooting can I perform?

  • Daniel,

    Can you share the policy you have created?

  • At this point, I am not even sure the VPN tunnel has been configured correctly. I checked the logs as you showed me and there really aren't any more traffic spikes.

    I have:

    Outside company VPN Out

    Source

    Source Zones - LAN

    Source Networks & devices - DB1, DB1-Inside-Global-4-Outsidecompany (I believe the global is the NATed address of my DB server)

    Schedule - All the Time

    Destination & Services

    Destination Zones - VPN

    Destination Networks - Outside Company (the NATed host on their end)

    Services: TCP-55443, TCP-59536

    Advanced

    Traffic Shaping Policy - Extremely Limited

    --------------

    Outside Company VPN Access

    Source

    Source Zones - VPN

    Source Network & Devices - Outside company (the NATed host on their end)

    Schedule - All the time

    Destination & services

    Destination zones - LAN

    Destination Networks - DB1, DB1-Inside-Global-4-Outsidecompany (I believe the global is the NATed address of my DB server)

    Services: TCP-55443, TCP-59536

    Advanced

    Traffic Shaping Policy - Extremely Limited

  • I would like to add a couple more variables to this equation:

    I have a port open to our terminal server facing the outside for RDP (I realize this isn't best practice, but this is temporary until I address my tunnel for my Sophos-to-Sophos firewalls). When data passes through the VPN tunnel, the users coming in from the outside get kicked off the terminal server as well. They do not go through the SSL VPN remote access.

    The other variable is this: I noticed that the IP address assigned by the Remote Access SSL VPN is 10.81.234.x. My local host used by the tunnel, which is NATed to my LAN, is 10.0.202.69/32.

    Could this be causing some of the issues?
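As an added example (not code from this thread or from Sophos), the following Python script checks whether the address ranges named above overlap and which prefix would carry a given destination, which is the first thing to verify when a /32 tunnel host and an SSL VPN client pool are suspected of colliding. The /24 prefix lengths for the LAN and the SSL VPN client pool are assumptions: the post only gives 192.168.1.x hosts and "10.81.234.x", so those two networks are constructed here.

```python
import ipaddress

# Constructed from the addresses quoted in the thread. The /24 prefix lengths
# for the LAN and the SSL VPN client pool are assumptions, since the post
# names only 192.168.1.x hosts and a "10.81.234.x" client address.
RANGE_SPECS = {
    "LAN": "192.168.1.0/24",
    "SSL VPN client pool": "10.81.234.0/24",
    "Tunnel NAT host for DB1": "10.0.202.69/32",
}


def build_ranges(specs):
    """Turn a name -> CIDR string mapping into name -> ip_network objects."""
    return {name: ipaddress.ip_network(cidr, strict=False) for name, cidr in specs.items()}


RANGES = build_ranges(RANGE_SPECS)


def find_overlaps(ranges):
    """Return every pair of named networks that share at least one address."""
    names = list(ranges)
    overlaps = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ranges[a].overlaps(ranges[b]):
                overlaps.append((a, b))
    return overlaps


def longest_prefix_match(address, ranges):
    """Name of the most specific network containing address, or None.

    This mirrors how a router chooses a route: a /32 for the tunnel host
    only wins over a wider prefix for that single address.
    """
    addr = ipaddress.ip_address(address)
    best = None
    for name, net in ranges.items():
        if addr in net and (best is None or net.prefixlen > ranges[best].prefixlen):
            best = name
    return best


def audit(ranges=RANGES,
          probes=("192.168.1.2", "192.168.1.5", "10.81.234.10", "10.0.202.69")):
    """Return the overlap list plus the network each probe address falls in.

    The default probes are the terminal server, the database server, an
    assumed SSL VPN client address and the tunnel NAT host.
    """
    return {
        "overlaps": find_overlaps(ranges),
        "routes": {p: longest_prefix_match(p, ranges) for p in probes},
    }


if __name__ == "__main__":
    result = audit()
    print("overlapping ranges:", result["overlaps"] or "none")
    for probe, route in result["routes"].items():
        print(f"{probe:>15} -> {route}")
```

With the ranges as assumed, the script reports no overlap and places 10.81.234.10 in the SSL VPN pool rather than under the tunnel's /32, so an address clash between those two would not be the cause on this evidence; swap in the real prefix lengths from the firewall's network objects before drawing a conclusion.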

  • Hello,

    So after changing some of the QoS policies, the issue still exists. I tested it this evening.

    I believe there is still a transmit spike that occurs as per this screenshot.

    I activated the tunnel at 21:04, but the spikes are still occurring.

  • Daniel,

    For both firewall rules (VPN to LAN and LAN to VPN), apply a QoS where traffic is limited and not guaranteed.

    Let us know.

    Thanks

  • Hello Luk,

    Both QoS policies are and have been in place for the VPN tunnel, but we are still experiencing the same issue.

    Even though the system graphs show the spike in data usage, the VPN spike does not exist. Also, it's 14462 Mbits for that whole minute, which would make sense if they were downloading a large file in that time period.

    I am starting to think there is an entirely separate issue not tied to the QoS. Maybe a routing issue?

  • Daniel,

    Did you have a look at the reporting?

    For example, go to Reports > Dashboard > Show Traffic Dashboard and share which rules are the most used and most Application used.

    Some other non shaped protocols are "eating" your bandwidth.

  • Rule 1 - Lan to WAN

    rule 11 - Allow RDP (externally) to terminal server

    Rule 5 - SSL VPN Remote access rule

    Rule 6 - VPN tunnel to company

    Rule 7 - VPN tunnel receiving from company

    Rule 3 - Forward facing camera system

  • So LAN to WAN users are eating all the bandwidth. Attach a proper QoS where you limit the bandwidth to that policy rule, and as Bandwidth Usage Type use shared.

    Make sure also to block websites and applications you do not want to allow (utorrent, emule, p2p and unneeded websites).
