03-26-2010 06:57 AM
Hi all, I have a question regarding roadrunner ISP and vpn.
I currently have one remote user that is using road runner service as their ISP. When they access the VPN they establish connection to the asa 5510, but cannot access anything internally. When the remote user tries to access anything (internal site) from their browser they receive random search engine responses as if they were not even connected to the VPN.
The rest of our remote users (about 15) don't have this problem at all. The only common thing is this remote user in particular uses roadrunner services and I've heard issues where their services may not allow pass through?
I guess my question is, is this possible? Should I contact her ISP to see if this is such? I know how ISP like to pass the buck on things like this and point the finger back to my end...just want to make sure my end is ok. Is there anything I need to do on my end with my ASA?
Again...this one user is isolated..no one else has this issue.
Thanks
03-26-2010 07:23 AM
I am using Road Runner right now. I don't think they block VPN traffic. Is the ASA configured for NAT traversal? Is it possible that this person's LAN address overlaps with LAN on the inside of your ASA?
03-26-2010 07:29 AM
First thanks for the reply slmansfield.
Yes , the asa is configured for NAT traversal. Addresses do not overlap either.
03-26-2010 07:36 AM
Is it possible that there is s device on the client side or on your central site side that could filter IPSEC traffic?
I have had other problems with my Road Runner connection. Did you verify that there are no connectivity issues at this site? If you are randomly getting to some sites but not others, perhaps it is due to a bad connection.
03-26-2010 07:50 AM
thanks again for the reply.
yes all internal sites are up and functional to all the remote users (we basically are a company that over 80% of the employees are remote lol) ...so again..they are up or I'd be getting slammed (plus I checked them all from an outside remote system I have online off site).
Most of our users use comcast, bellsouth, verizon..etc. This is the only user with roadrunner, and I've heard of issues with them and vpn before...just never had my own issues until now.
Also I have nothing on my end (IDS or anything) to filter the user out. No acl's or anything. The users should have a clear path to our LAN upon connectivity.
The user does indeed have connection to their internet (we are able to establish a remote session to access the system we provided them over the internet with or without VPN)
That leaves the users internal set up and carrier services. User is going wireless through linksys, so my tech is clerifying that vpn pass through is checked on the wireless router...other than that. lol
03-26-2010 09:43 AM
I just meant that this specific site could have a connectivity problem. VPN is more sensitive to connectivity issues than regular web access, and the symptom of intermittent issues with web access made me wonder if you have a connectivity issue at that remote site.
Also, wireless access would make a connectivity problem seem worse because signal strength can be a factor within the range of wireless access.
If the person could try wired acces for awhile to see if the problem continues to occur that would rule out the wireless setup.
You might also check the routing table of the PC before and after connecting to your central site, just to rule out routing confusion as the cause of this problem.
HTH
03-26-2010 09:53 AM
Once again Slmansfield thanks for the feedback. Everything helps, so keep it coming. I won't rule out trying anything as a possibility in the IT world. lol
We've informed the remote user to contact us (they are a few time zone behind us here) when they are available to do some troubleshooting at their location and also get Time Warner RR on the phone as well.
I will keep you posted on what we find out. thanks again!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide