Well,
The problem has resolved itself but not due to any action on my part. I
am evaluating the options that you suggested to help in tracking down
the problem if/when it reoccurs.  It is definitely looking like it was
Cox Cable's problem.

Thanks for the help and I am sorry I didn't get back with the results.  I
have been battling network issues with our Covad serviced accounts all
day today.

-----Original Message-----
From: John Tolmachoff [mailto:[EMAIL PROTECTED]] 
Sent: Monday, December 16, 2002 12:26 PM
To: [EMAIL PROTECTED]
Cc: 'Scott R. Morgan'
Subject: RE: [SonicWALL]- Problem with dropped VPN connection

Has this been resolved?

John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA  92835
www.reliancesoft.com


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott R. Morgan
Sent: Thursday, December 12, 2002 12:16 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [SonicWALL]- Problem with dropped VPN connection

Thanks,

I will try the manual connection SA.  I am not familiar with it so I will
have to read up on it.

I will also set up a user as suggested. I currently have the log files
emailed to an external email address, but I do not know if my setting of
forcing all traffic through the VPN SA will prevent the mail from going
outbound.

-----Original Message-----
From: John Tolmachoff [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, December 12, 2002 11:19 AM
To:                     
Cc: 'Scott R. Morgan'
Subject: RE: [SonicWALL]- Problem with dropped VPN connection

> The problem is only at this one remote office.  It is a business cable
> subscription with Cox cable in west Texas with 8 static IP addresses.
> My suspicion is that the problem is with Cox cable, but the fact that a
> reboot of the Sonicwall solves the problem temporarily makes me wonder.

Clue, Cable connection.

Try using a manual key SA and see what happens.

Here Pre-Shared Secret based SA is extremely hit and miss with Adelphia
Cable. (Mostly miss.)

One thing you can do is set up a user on the SonicWall that only has
access to read.

Then, they could log on and read the current IP, then give you that IP.

Then you could enable remote administration through HTTPS and connect
remotely.

Do you have the logs sent to a server only reachable through the VPN? If
so, try one outside of the VPN; that way, even if the VPN is down, you
will still get them.

John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA  92835
www.reliancesoft.com


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott R. Morgan
Sent: Thursday, December 12, 2002 8:26 AM
To: [EMAIL PROTECTED]
Subject: RE: [SonicWALL]- [PERIODIC sonicwall DIGEST POSTING]


After repeated attempts at keeping the VPN up yesterday I gave up.  Then
after about 6 hours, I got the log files from the Tele3 emailed to me.
The log had filled up with responses like the ones below:

12/11/2002 13:46:46.032 IKE Initiator: No response - remote party
timeout or SA mis-match (Remote IP Address), 500 (Pro200's Ip Address),
500
12/11/2002 13:46:52.032 IKE Initiator: No response - remote party
timeout or SA mis-match (Remotes IP Address), 500 (Pro200's Ip Address),
500

It sure looks like an underlying network problem but without direct
internet access at the restaurant, there is simply no way to tell.  I
have thought about enabling ping on the Sonicwall to be able to tracert
the problem when it re-occurs.  I have also thought about changing the
admin password so that I can have my end user use the tools in the
Sonicwall to check for network connectivity when it goes down again,
unfortunately I would need to make either one of these changes now while
I have a reliable connection in place for when we have network problems
again.  Today everything is up and running like a champ, but this
problem re-occurs about once a month.

What are your thoughts regarding security issues when enabling ping?
This box does not currently seem to attract any attention by kiddie
hacking scripts and very little port scanning traffic but I know that if
I enable it, it will then become a new target.  I currently am only
logging System Maintenance, System Errors, and Attacks.  I hate having
to receive three emails a day by enabling network debugging, besides
when the system goes down the emails aren't being sent to me, only when
the network comes back up but I am willing to look at it as a last
resort, unless there is a way to log the files into an SNMP server on
the LAN.  Do you know of a good, free server that will run on Windows
2000 Pro as a service?

BTW Please cc a copy of any responses to my email address, I subscribe
to the list in digest mode.

Scott R. Morgan
[EMAIL PROTECTED]
SUPERIOR RESTAURANT MANAGEMENT SERVICES
(512) 443-3979
(512) 416-9621 (Fax)

USPA A-29450
Only a skydiver knows why the birds sing....
They don't have to repack a parachute every time they land!!!


=====================================================

From: "John Tolmachoff" <[EMAIL PROTECTED]>
Subject: RE: [SonicWALL]- Problem with dropped VPN Connection
Date: Wed, 11 Dec 2002 10:22:41 -0800
Reply-To: [EMAIL PROTECTED]

The remotes you are having a problem with, are they random units, or all
on DSL or all on Cable?

John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA  92835
www.reliancesoft.com


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott R. Morgan
Sent: Wednesday, December 11, 2002 9:34 AM
To: [EMAIL PROTECTED]
Subject: [SonicWALL]- Problem with dropped VPN Connection

Let me preface this that this SA has worked for going on 4 months. We
are running a Pro 200 as our hub and tele3's as our spokes in a VPN
configuration.  At our remote office sites, I have the Sonicwall set up
to disallow any direct internet access, instead routing all network
traffic through the VPN SA to the Pro200.  The remote locations are set
up with static IP addresses on either DSL or Commercial Cable modem
accounts.

Now, we will lose the VPN connection and only when we hard power off the
Sonicwall at the remote location can we get a VPN connection to
complete.  It will then, for no reason suddenly drop the connection and
not reconnect.  I cannot figure out whether it is a problem with our ISP
or the Tele3.

Here are our settings:

At the remote location, we use a SA set up as follows:
IPSEC Keying Mode - IKE Using Pre-Shared Secret
IPSEC Gateway - Points to Pro200
Phase1 DH Group - Group1
SA Lifetime (secs) - 28000
Phase I Encryption/Auth - 3DES & MD5
Phase I Encryption/Auth - Strong Encrypt and Auth  (ESP 3DES HMAC MD5)
Radio Button Selected - Use this SA as default route for all internet
traffic
Under Advanced Settings:
Checked - Enable Windows Networking (NetBIOS) broadcast

At the Pro200:
IPSEC Keying Mode - IKE Using Pre-Shared Secret
IPSEC Gateway - Points to Static IP Address assigned to Remote Tele3
Phase1 DH Group - Group1
SA Lifetime (secs) - 604800
Phase I Encryption/Auth - 3DES & MD5
Phase I Encryption/Auth - Strong Encrypt and Auth  (ESP 3DES HMAC MD5)
Networks Added:
192.168.3.0 255.255.255.255
Under Advanced Settings:
Checked - Enable Windows Networking (NetBIOS) broadcast
Checked - Forward Packets to Remote VPN
Default LAN Gateway - 192.168.1.1 (This is our Corporate Web proxy
server)



Here is the Log file from the Pro200 when the Tele3 connects:

12/11/2002 11:03:44.880 IKE Responder: Begin Main Mode Phase 1
12/11/2002 11:03:45.464 IKE Responder: Main Mode Phase 1 Done
12/11/2002 11:03:45.608 IKE Responder: Begin Phase 2
12/11/2002 11:03:45.608 IKE Responder: Accepting IPSec proposal
(RemoteTele3IP) (Pro200IP)
12/11/2002 11:03:45.768 IKE negotiation complete. Adding IPSec SA. Phase
2 Done (Pro200IP)  (RemoteTele3IP) lifeSeconds=604800 remote range:
(192.168.3.1 - 192.168.3.254)
12/11/2002 11:07:50.432 IKE Initiator: No response - remote party
timeout or SA mis-match (Pro200IP), 500 (RemoteTele3IP), 500
12/11/2002 11:07:58.432 IKE Initiator: No response - remote party
timeout or SA mis-match (Pro200IP), 500 (RemoteTele3IP), 500
12/11/2002 11:08:11.432 IKE Initiator: No response - remote party
timeout or SA mis-match (Pro200IP), 500 (RemoteTele3IP), 500


Can anyone here help me in figuring out where my network is breaking?



---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail scanned for viruses by Declude/F-Prot AV]

========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email
put the following: unsubscribe sonicwall your_name
The archive of this list is at
http://www.mail-archive.com/sonicwall%40peake.com/
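
An added example, not part of the original thread or of any SonicWALL tooling: a small parser for the log format quoted in the messages above that folds e-mail-wrapped lines back together and reports how long each IPSec SA stayed up before the first IKE timeout. The function names are hypothetical; the sample is an excerpt of the Pro 200 log from the thread.

```python
import re
from datetime import datetime

# Excerpt of the Pro 200 log posted in the thread, wrapped the way the
# mail client wrapped it (placeholders such as Pro200IP are the poster's).
SAMPLE_LOG = """\
12/11/2002 11:03:45.464 IKE Responder: Main Mode Phase 1 Done
12/11/2002 11:03:45.608 IKE Responder: Accepting IPSec proposal
(RemoteTele3IP) (Pro200IP)
12/11/2002 11:03:45.768 IKE negotiation complete. Adding IPSec SA. Phase
2 Done (Pro200IP)  (RemoteTele3IP) lifeSeconds=604800 remote range:
(192.168.3.1 - 192.168.3.254)
12/11/2002 11:07:50.432 IKE Initiator: No response - remote party
timeout or SA mis-match (Pro200IP), 500 (RemoteTele3IP), 500
12/11/2002 11:07:58.432 IKE Initiator: No response - remote party
timeout or SA mis-match (Pro200IP), 500 (RemoteTele3IP), 500
12/11/2002 11:08:11.432 IKE Initiator: No response - remote party
timeout or SA mis-match (Pro200IP), 500 (RemoteTele3IP), 500
"""

STAMP = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) (.*)$")


def parse_entries(text):
    """Return [(datetime, message)], folding wrapped continuation lines."""
    entries = []
    for line in text.splitlines():
        m = STAMP.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S.%f")
            entries.append([ts, m.group(2)])
        elif line.strip() and entries:
            entries[-1][1] += " " + line.strip()  # continuation of previous entry
    return [tuple(e) for e in entries]


def tunnel_drops(entries):
    """Per established SA: uptime until the first IKE timeout, and retry count."""
    drops, up_at = [], None
    for ts, msg in entries:
        if "IKE negotiation complete" in msg:
            up_at = ts
        elif "No response - remote party timeout" in msg and up_at is not None:
            if drops and drops[-1]["up_at"] == up_at:
                drops[-1]["retries"] += 1  # same outage, another attempt
            else:
                drops.append({"up_at": up_at, "retries": 1,
                              "uptime_s": (ts - up_at).total_seconds()})
    return drops
```

Timeouts logged before any SA has been established, as in the Tele3 excerpt, are not counted as drops.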


