Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

Global VPN Client issues - Windows DHCP server filling up with BAD_ADDRESS

NoMaxNoMax Newbie ✭
edited December 2021 in Mid Range Firewalls

We have been experiencing issues with our Global VPN client users for some time now and I have not been able to find a resolution to the problem. Here is a description of what is happening. We have 2 SonicWall NSA 2600s in HA mode,

A user is working from home using the global VPN client. Instead of shutting down their PC when they are finished working, they just close the lid or let the compuer enter sleep mode. When they come into the office and wake their PC the VPN client will still be running. If you look at the VPN client on their PC it will be stuck on "Authenticating".

What happens in this scenario is all the unused DHCP addresses on our Windows DHCP server will be taken up with BAD_ADDRESS coming from this client with the VPN active. I can go into Wireshark to see the DHCP Deny entries and find the MAC address of the PC who is running the VPN client while in the office. The BAD_ADDRESS entries will continue to be generated until the entire range of DHCP addresses is exhausted.

Windows DHCP Server BAD_ADDRESS:

Win DHCP BAD.jpg


Wireshark DHCP Deny example:

Wireshark DHCP trace.jpg

The DHCP server handling the requests for the Global VPN client is the SonicWall and the network is 192.168.13.0 /24

The DPCP server handling the requests for the on-site Office network is WIndows Server 2016 and the network is 192.168.3.0/24

There is no overlap of networks serveved by the 2 DHCP servers. I have had several tickets open with SonicWall support and so far thay have not been able to resolve the issue. I am hoping someone here can provide some insight.

Thank you in advance for any suggestions you may have.

Category: Mid Range Firewalls
Reply

Answers

Sign In or Register to comment.