Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

NetExtender Connects but Can't browse Network

RichardMcFRichardMcF Newbie ✭

Hi Experts,

Having an issue where my users are able to connect via NetExtender but cannot not browse the remote network.

This is happening intermittently as I can go 2 days connecting and logging on to Servers and then out of nowhere I am not able to connect to network. But I am always able to connect the NetExtender.

This is what I've done so far:

  1. Made sure to add SSLVPN Services in Members Tab
  2. Confirmed the VPN Access has LAN Subnet in the Access List
  3. Users all have LAN Subnet in the Access List

Again, some days work fine and then not able to connect to network at all.

Please Help, Rads are very frustrated.

Thanks!

Category: SSL VPN
Reply

Best Answer

  • CORRECT ANSWER
    TKWITSTKWITS All-Knowing Sage ✭✭✭✭
    Accepted Answer

    Do you have overlapping subnet addresses? E.g. your Sonicwall LAN interface is 192.168.1.x/24 and the remote users LAN is also 192.168.1.x/24.

    Is their a time frame when this happens to the remote users? Like always at 11am or always after 2 hours of being connected?

    We can only make so many suggestions...

Answers

  • TKWITSTKWITS All-Knowing Sage ✭✭✭✭

    What firmware is the firewall on? What NetExtender version? Is the internal LAN network stable at the time the issue occurs?

  • RichardMcFRichardMcF Newbie ✭

    Firmware: 6.5.1.3-12n

    NetExtender: 10.2.309

    Yes, the internal network is stable.

    Thanks for your help.

  • TKWITSTKWITS All-Knowing Sage ✭✭✭✭

    6.5.1.3 is almost two years old, you should upgrade your firmware...

  • RichardMcFRichardMcF Newbie ✭

    I upgraded to Firmware v6.5.4.8.

    I will monitor tomorrow to see if this is still happening.

    Thanks!

  • SaravananSaravanan Moderator

    Hi @RICHARDMCF,

    Have you ensured Client Routes are configured with the appropriate LAN Subnets in the SSLVPN? This is also needed for the access to happen.

    Is this issue common to all SSLVPN users from various locations or to specific SSLVPN users?

    The best way to determine the root cause of the issue is to perform a packet capture on the SonicWall during the issue occurrence.

    Let me know how it goes.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • RichardMcFRichardMcF Newbie ✭

    After I upgraded to Firmware v6.5.4.8 it continues to connect via NetExtender but not to network.

    I followed instruction for setting up monitoring. It happens to all SSLVPN users but not at the same time. How I resolve the issue when it happens is this:

    1. Restart the ISP router
    2. Ipconfig /flushdns
    3. ipconfig /release
    4. ipconfig /renew
    5. Start NetExtender
    6. Start Radiology application to connect to remote network

    This works for a couple of days and then I have to repeat the process all over again for everyone.

    Thanks!

  • TKWITSTKWITS All-Knowing Sage ✭✭✭✭
    edited July 7

    You keep saying "this works for a couple of days". Are you implying the clients are connected for days at a time? Do you have quotas for the users?

    If your 'fix' involves restarting the client-side devices than it seems the issue lies on the client side. Is there a reason the radiology application is only accessible via the VPN (e.g. it doesn't have a secured web interface)? Most PACS I've worked with have secured web interfaces.

  • RichardMcFRichardMcF Newbie ✭

    Yes, they are able to work days at a time with no issues at all. They are not using a physician's portal for reading but the app itself which requires them to connect via NetExtender first.

    I was doing some reading and saw that it could be the SSLVPN licensing that could be causing the issue but the updated firmware I see addressed that. Where 5 users could be on the SonicWALL is taking up 11 licenses. It says it was resolved in Firmware 6.5.4.8.

    But I also think that it's on the client side maybe something with their ISP, because each time I have to reboot the ISP router and it comes back. But however, each one of the users are using different ISPs so I am still in limbo.

    Thanks!

  • SaravananSaravanan Moderator

    Hi @RICHARDMCF,

    Does this affect all kind of traffics like Ping or RDP or Radiology application from the SSLVPN client?

    Best way to find the root cause is to perform a packet capture on the SonicWall.


    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • TKWITSTKWITS All-Knowing Sage ✭✭✭✭

    You still haven't answered my questions. Are the clients staying connected to NetExtender for days at a time? Do you have quotas setup for the users?

  • RichardMcFRichardMcF Newbie ✭

    No they are not, and there are no quotas.

  • TKWITSTKWITS All-Knowing Sage ✭✭✭✭

    So next up is Saravanans query, does all VPN traffic cease at the time of issue? Does general internet traffic cease at the time of issue?

  • RichardMcFRichardMcF Newbie ✭

    Yes to tunnel traffic and No to internet. Any remote network resources are not available when this happens but the internet is constant, they never lose internet.

  • RichardMcFRichardMcF Newbie ✭

    There is no overlapping addresses. Natting in place. There is no particular time when it happens... it just happens. Can work fine for days and then it don't. I was hoping there was a solution or someone else saw this before. I guess I will keep researching the issue.

    Thanks for your help.

  • SaravananSaravanan Moderator

    Hi @RICHARDMCF,

    Since the issue is tricky and happens randomly, we need to capture packets on the SonicWall during the issue time and understand the behavior of the packets and how SonicWall handles the packets at that time.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • TKWITSTKWITS All-Knowing Sage ✭✭✭✭

    What are you NAT-ing? Can you replicate the issue on your own? If so, run packet captures during the issue on both the Sonicwall and whatever equipment you have in your home/test environment. Compare the two, see where the packets are lost.

    Research only gets you so far, you have to troubleshoot. Isolate the problem as best you can, going layer by layer, step by step. Open a ticket with support if you have it.

Sign In or Register to comment.