PDA

View Full Version : ipsec tunnel not working....



falvrez
13-10-2003, 02:34 PM
Afternoon all

We have an Ipsec tunnel running between two sites which has been working perfectly until last week,...now, nothing.
We have 2 static Ips from telecom.
Both sites have web/email access.
Both sites snapgear hardware firewalls/dlink adsl routers
Two users at one site using MS's remote desktop for access from home with VPN connection settings in snapgaer firewall.
So! I can ping the IP address of the "other" site - I can't ping hte static Ip address for the site where I'm based (no reply to ping).
But I can access the domain at this site from home and log into domain, but can't access my PC using remote desktop (which pretty much bombed same time as ipsec tunnel).
I have uninstalled two MS pataches that were installed about teh time last week when the tunnel went down (823980 & 824146) but no change.

Any ideas? At a loss here and need fresh blood.

Graham L
13-10-2003, 02:45 PM
Have your certificates expired? VPN would probably not say why it won't connect ... that's good security ;-)

falvrez
14-10-2003, 02:37 PM
HI Graham, thnaks for the suggestion.

In the end it was some excellent help from the Snapgear people in the States...they're website may be lacking in content, but the support over email was excellent. Of course he only changed 2 settings (which I had already changed many times over) and the VPN tunnel decided it would work...Murphy's law.

Anyway IPSec tunnel is now all go, if it a bit more tempremental than before.

But! Now two users who previuously had access to their work PCs using Xp's remote desktop connection no longer have access. They (and I) can both log on to our domain through the firewall (which blocks no VPN traffic once you are in) but get the error message "the client could not connect to the remote computer. Remote connections may not be enabled...blah blah blah....try again later blah blah blah."

As I say this worked only last week - checked my own PC, it's listening in on port 3389...so now at a loss, as is Snapgear. Their firewall allows all VPN traffic, and there is stuff all you can alter with regards to remote desktop connection (which I've tried uninstalling and reinstalling no change)...ideas?