NetExtender Connects but Can't browse Network
Hi Experts,
Having an issue where my users are able to connect via NetExtender but cannot not browse the remote network.
This is happening intermittently as I can go 2 days connecting and logging on to Servers and then out of nowhere I am not able to connect to network. But I am always able to connect the NetExtender.
This is what I've done so far:
- Made sure to add SSLVPN Services in Members Tab
- Confirmed the VPN Access has LAN Subnet in the Access List
- Users all have LAN Subnet in the Access List
Again, some days work fine and then not able to connect to network at all.
Please Help, Rads are very frustrated.
Thanks!
Best Answer
-
TKWITS Community Legend ✭✭✭✭✭
Do you have overlapping subnet addresses? E.g. your Sonicwall LAN interface is 192.168.1.x/24 and the remote users LAN is also 192.168.1.x/24.
Is their a time frame when this happens to the remote users? Like always at 11am or always after 2 hours of being connected?
We can only make so many suggestions...
0
Answers
What firmware is the firewall on? What NetExtender version? Is the internal LAN network stable at the time the issue occurs?
Firmware: 6.5.1.3-12n
NetExtender: 10.2.309
Yes, the internal network is stable.
Thanks for your help.
6.5.1.3 is almost two years old, you should upgrade your firmware...
I upgraded to Firmware v6.5.4.8.
I will monitor tomorrow to see if this is still happening.
Thanks!
Hi @RICHARDMCF,
Have you ensured Client Routes are configured with the appropriate LAN Subnets in the SSLVPN? This is also needed for the access to happen.
Is this issue common to all SSLVPN users from various locations or to specific SSLVPN users?
The best way to determine the root cause of the issue is to perform a packet capture on the SonicWall during the issue occurrence.
Let me know how it goes.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
After I upgraded to Firmware v6.5.4.8 it continues to connect via NetExtender but not to network.
I followed instruction for setting up monitoring. It happens to all SSLVPN users but not at the same time. How I resolve the issue when it happens is this:
This works for a couple of days and then I have to repeat the process all over again for everyone.
Thanks!
You keep saying "this works for a couple of days". Are you implying the clients are connected for days at a time? Do you have quotas for the users?
If your 'fix' involves restarting the client-side devices than it seems the issue lies on the client side. Is there a reason the radiology application is only accessible via the VPN (e.g. it doesn't have a secured web interface)? Most PACS I've worked with have secured web interfaces.
Yes, they are able to work days at a time with no issues at all. They are not using a physician's portal for reading but the app itself which requires them to connect via NetExtender first.
I was doing some reading and saw that it could be the SSLVPN licensing that could be causing the issue but the updated firmware I see addressed that. Where 5 users could be on the SonicWALL is taking up 11 licenses. It says it was resolved in Firmware 6.5.4.8.
But I also think that it's on the client side maybe something with their ISP, because each time I have to reboot the ISP router and it comes back. But however, each one of the users are using different ISPs so I am still in limbo.
Thanks!
Hi @RICHARDMCF,
Does this affect all kind of traffics like Ping or RDP or Radiology application from the SSLVPN client?
Best way to find the root cause is to perform a packet capture on the SonicWall.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
You still haven't answered my questions. Are the clients staying connected to NetExtender for days at a time? Do you have quotas setup for the users?
No they are not, and there are no quotas.
So next up is Saravanans query, does all VPN traffic cease at the time of issue? Does general internet traffic cease at the time of issue?
Yes to tunnel traffic and No to internet. Any remote network resources are not available when this happens but the internet is constant, they never lose internet.
There is no overlapping addresses. Natting in place. There is no particular time when it happens... it just happens. Can work fine for days and then it don't. I was hoping there was a solution or someone else saw this before. I guess I will keep researching the issue.
Thanks for your help.
Hi @RICHARDMCF,
Since the issue is tricky and happens randomly, we need to capture packets on the SonicWall during the issue time and understand the behavior of the packets and how SonicWall handles the packets at that time.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
What are you NAT-ing? Can you replicate the issue on your own? If so, run packet captures during the issue on both the Sonicwall and whatever equipment you have in your home/test environment. Compare the two, see where the packets are lost.
Research only gets you so far, you have to troubleshoot. Isolate the problem as best you can, going layer by layer, step by step. Open a ticket with support if you have it.
HI.
I have the same issue. Log in fine today and connect to my network and the next day can't access it. Very frustrating. Happens to the other remote users as well. Were you able to resolve the issue?
Laura