You can access the opposite side with the VPN tunnel disconnected? Do a traceroute and find what it's going through to get there. If you pull the plug on the cable modem, does it fail?

Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology: Enterprise Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com
The Guardian Life Insurance Company of America
www.guardianlife.com

From: Jimmy Tran <ji...@jt-solution.com>
To: "ntsysadm@lists.myitforum.com" <ntsysadm@lists.myitforum.com>
Date: 02/20/2014 04:23 PM
Subject: RE: [NTSysADM] strange network issue
Sent by: listsad...@lists.myitforum.com

That is what I thought, but it still works with the VPN disconnected. I even changed the darn thing to a cheapo dlink home router and I can still access the other side.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Christopher Bodnar
Sent: Thursday, February 20, 2014 1:17 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] strange network issue

It sounds like DHCPRELAY is enabled on the inside interfaces of the Cisco firewalls, which is not what you want. It's allowing the packets to get to the opposite side of the tunnel.

Christopher Bodnar

From: Jimmy Tran <ji...@jt-solution.com>
To: "ntsysadm@lists.myitforum.com" <ntsysadm@lists.myitforum.com>
Date: 02/20/2014 04:06 PM
Subject: [NTSysADM] strange network issue
Sent by: listsad...@lists.myitforum.com

2 offices, both have Cisco rv220w firewalls, both use Comcast business and are across the street from each other. Office A has a 192.168.0.0 network and office B has a 10.0.1.0 network. Each office's respective firewall handles DNS and DHCP.

Background: I set up a site-to-site VPN between the two locations. They can access each other's offices.

Problem: I go in today because users complain they cannot access certain file share. I look at their IP address on the workstation sharing the files in Site B and sure enough, they have IP addresses from site A. I've been pulling my hair out trying to figure out how this is possible.

I decided to kill the VPN and reboot both firewalls. I do an ipconfig /release and /renew on the said file server (workstation), and it still pulls an IP address from site A. I then give the said workstation a static IP from its own subnet, and everything works fine. I can access everything in its own subnet. I cannot access the Site A. I then tested and gave it a static IP from the remote office (Site A). I can now see everything in the remote office.

I decided to shut down the firewall and Comcast modem. You would think I can't get out of the office, but I can still access the remote site and even get online.

What in the world is the problem? Is it possible Comcast came out, did some work and screwed something up? I have a Comcast field tech coming out in a few hours but would like to figure out what the heck is going on. Does anyone have any suggestions on what I can do to troubleshoot this?

-Jimmy

-----------------------------------------
This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you.