Remote Access VPN occasionally unable to access one server

sankurisanthosh · ‎06-07-2011

Hello,

Remote user is facing a strange problem. below are the details

Problem: user occasionally disconnecting from one server, at the same time able to access other server without any problem

Setup: |-----Gi1/0/1 TEST Server

|-------Core Switch ---- Server Switch ----|

Remoteuser--- Internet---ISP Router---WAN Sw------- | |-----Gi1/0/1 Prod server

|

|-------VPN Concentrator

Details:

Both the servers are on same vlan with same Netmask and Gateway

Both the servers are running on FreeBSD OS and identical configurations

Remote user accessing servers from FreeBSD OS PC using linux vpn client

During the outage remote user unable to ping to prod server and however able to ping TEST Server

During outage to prod server even the trace is reaching to public IPs and dropping somewhere

Outages looks random and no pattern observed

Only one user access the server and no data transfers

This looks very strange.

Please share your thoughts and comments in order to solve the problem.

/San

sankurisanthosh · ‎06-07-2011

The above is the setup diagram

/San

sankurisanthosh · ‎06-27-2011

No Body answered this question....

praprama · ‎07-08-2011

Hi San,

Where is the VPN terminating on your network?

Regards,

Papanch

s-santhosh · ‎07-12-2011

HI Prapanch,

@remoteuser side -- VPN terminated on FreeBSD server, this server is connected to Internet.

Thanks for responding

/San

praprama · ‎07-12-2011

Hi San,

So my understanding is that the VPN involved is not a Cisco solution. Also, in the topology u drew above, which is the FreeBSD server on which the VPN is terminating?

Regards,

Prapanch

s-santhosh · ‎07-12-2011

Hi Prapanch,

Below is the topology again,

All the red colour font are using Cisco Devices, expect TEST and Production server. At Client end they are configure the VPNC on FreeBSD. Remote user first establishes the VPN from FreeBSD and a tunnel interface is created. They access the servers thru CLI only. TEST and Production servers are also FreeBSD servers.

Please let me know any other info.

/San

praprama · ‎07-12-2011

Hi San,

Appreciate that. things are a clearer now. frankly. i am not really sure how this VPN works with the FreeBSD server and client and hence cannot really help you out with that.

When you are unable to connect to the Prod Server, are you able to ping it from the Core switch?

Regards,

Prapanch

s-santhosh · ‎07-12-2011

Hi Prapanch,

yes, I'm able to ping production server from Core, during the problem time

/San

praprama · ‎07-14-2011

Hi San,

Still a little confused. What are the 2 end devices for the VPN? Is the VPN concentrator involved?

Regards,

Prapanch

s-santhosh · ‎07-14-2011

Hi Prapanch,

It's a Remote Access VPN. At my end Cisco VPN Concentrator is involved and at client VPN is terminated on FreeBSD server. They are using VPNC configured on freebsd.

/San