VPN point-to-point killed WAN connection for network. Config issue?
#263687 08/14/07 10:56 PM
Joined: Nov 2006
Posts: 70
Hello.

Here is the situation:

We created a point-to-point VPN tunnel using 2 SonicWall 3060 devices locally at my office, using 2 different T1s from 2 different ISPs, just to test them out.

Basically, as soon as the connection was established, the internet died for the entire company. As soon as the tunnel was shut down, the internet started working again.

My question is: does simply creating a point-to-point VPN tunnel between 2 points require an enormous overhead on bandwidth that may have exceeded the T1 capacity? The tunnel was simply established, but no data was being transferred with it.

I must also point out that my network also has 2 Juniper VPN tunnels on both the T1s connecting to another office in Boston. I am not sure if that was a factor in what caused the internet to crash when the SonicWall VPN tunnel was established (perhaps something conflicting).

Also, I will mention that we have people with the SonicWall VPN client software who connect remotely.

1. No network performance loss happens with the Juniper tunnels, which have been running for years (but were installed by the company in Boston, so we were not involved in the configuration).
2. No performance loss with the remote SonicWall VPN software clients connecting.
3. It only happened with the VPN tunnel between the 2 SonicWall 3060 servers. (These are also our firewalls.)

Unfortunately we have not yet installed the MRTG software so we have no way of knowing the actual use of bandwidth.

I was wondering if there may be a common network mistake made when doing a point-to-point tunnel with a VPN that would kill the internet.

Thanks.

Re: VPN point-to-point killed WAN connection for network. Config issue?
#263688 08/15/07 04:55 AM
Joined: Mar 2002
Posts: 411
In theory it should work fine. I would guess you had put in an IP that was in use or something similar. There may have also been DHCP servers on both devices that were confusing the clients, etc.

The bandwidth usage of a tunnel with no data is very minimal, just "I'm alive" chatter back and forth.

Re: VPN point-to-point killed WAN connection for network. Config issue?
#263689 08/16/07 10:38 AM
Joined: Jun 2006
Posts: 318
Are both T-1s connected to your local network? What are they currently used for? Sounds like a routing issue on the surface, or, as djweis mentioned, an IP conflict. I would be inclined to run some ping and traceroute tests on the clients just to see where the traffic is going.


Sometimes you carpe diem, sometimes your diem gets carped.
Re: VPN point-to-point killed WAN connection for network. Config issue?
#263690 08/16/07 06:08 PM
Joined: Aug 2005
Posts: 131
I really do not know how you have set this up, but on a PIX or an ASA, when you build the tunnel you have to create a nat(0) or "no nat" policy that says: when my tunnel is up, DO NOT NAT the traffic destined to xxx.xxx.xxx.xxx, where the xxx are all of the network addresses of the destination tunnel; all other traffic goes out to the internet. Here is how I set it up in my PIX:

access-list 100 permit ip 192.168.1.0 255.255.255.0 192.168.202.0 255.255.255.0
access-list 100 permit ip 192.168.2.0 255.255.255.0 192.168.202.0 255.255.255.0
access-list 100 permit ip 192.168.3.0 255.255.255.0 192.168.202.0 255.255.255.0
access-list 100 permit ip 192.168.4.0 255.255.255.0 192.168.202.0 255.255.255.0
!
global (outside) 1 interface
nat (inside) 0 access-list 100
nat (inside) 1 192.168.0.0 255.255.0.0 0 0
!
Like someone mentioned, allow ICMP and run some traceroutes.
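
The NAT-exemption logic described in the post above, as an added example that is not part of the original thread or of any vendor tool: it parses the posted access-list 100 lines, shows which flows bypass NAT for the tunnel and which are translated for the internet, and flags an exemption entry whose destination matches everything or overlaps its local range. The function names and the sample flow addresses are assumptions made for illustration.

```python
import ipaddress

# Exemption ACL as posted above; every address fed to classify() is constructed.
ACL_100 = """\
access-list 100 permit ip 192.168.1.0 255.255.255.0 192.168.202.0 255.255.255.0
access-list 100 permit ip 192.168.2.0 255.255.255.0 192.168.202.0 255.255.255.0
access-list 100 permit ip 192.168.3.0 255.255.255.0 192.168.202.0 255.255.255.0
access-list 100 permit ip 192.168.4.0 255.255.255.0 192.168.202.0 255.255.255.0
"""
# Source range of the posted "nat (inside) 1 192.168.0.0 255.255.0.0" rule.
PAT_SOURCE = ipaddress.ip_network("192.168.0.0/255.255.0.0")


def parse_acl(text):
    """Return (source_net, dest_net) pairs from 'permit ip' lines."""
    pairs = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[0] == "access-list" and f[2:4] == ["permit", "ip"]:
            pairs.append((ipaddress.ip_network(f"{f[4]}/{f[5]}"),
                          ipaddress.ip_network(f"{f[6]}/{f[7]}")))
    return pairs


def classify(src, dst, acl):
    """Apply the posted rules to one flow; the nat 0 exemption is checked first."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if any(s in sn and d in dn for sn, dn in acl):
        return "no-nat (tunnel)"
    if s in PAT_SOURCE:
        return "pat (internet)"
    return "no rule"


def audit(acl):
    """Flag exemption entries that cover more than a distinct remote LAN."""
    findings = []
    for sn, dn in acl:
        if dn.prefixlen == 0:
            findings.append(f"{sn} -> {dn}: destination matches all traffic")
        elif dn.overlaps(sn):
            findings.append(f"{sn} -> {dn}: remote range overlaps local range")
    return findings


if __name__ == "__main__":
    acl = parse_acl(ACL_100)
    for flow in [("192.168.1.10", "192.168.202.5"), ("192.168.1.10", "203.0.113.10")]:
        print(flow, "->", classify(*flow, acl))
    print("audit findings:", audit(acl))
```
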

