VPN config affecting office connectivity

[vb12]

I am using a Symantec VPN 200R appliance as a router/firewall.

The local LAN was set to 192.168.254.0 and the T1 internet connection acted like there were DNS issues, resolving only certain websites, or staying connected to MSN IM but not resolving any url's at all. Most of the time it's an intermittent issue that occurs throughout the (every) day.

I have changed the local LAN gateway to 192.168.254.1 and the connectivity issue has been resolved at the office.

The VPN Client software provided by Symantec is not allowing me to change the tunnel config setting to a .1 from .0 and nobody can connect to the server.

For the record, I do not consider myself an "Einstein" and try not to be "Elvis" whenever possible...

Any assistance is greatly appreciated

Andy

 

[DanInRaleigh]

andy,

could you be a little more specific with the topology..

...and dont quit understand the below..

The VPN Client software provided by Symantec is not allowing me to change the tunnel config setting to a .1 from .0 and nobody can connect to the server.

....what was set to .0? the gateway IP the outside IP..the subnet mask..
..if it was a IP address dont understand why .0 and not something definitive..

...just trying to get this started..

CCNP,CCSP,MCSE,Sec+,Net+,A+...

 

[vb12]

the gateway IP (behind the office firewall) was set to 192.168.254.0
the subnet mask was set to 255.255.255.0

so to explain, on the client vpn software side I enter the public IP to establish the connection to the router at the office, and then in I enter the subnet mask and gateway IP(local lan behind the firewall) for the tunnel config.

the connection happens in two stages, 1st to the router and then creates the tunnel using the gateway IP (local lan behind the firewall)

To clarify, when the office local lan gateway IP is 192.168.254.0 - the office has spotty connectivity to the net but the outside VPN users have no problems staying connected all day long.

Seems that if I change the office local lan gateway to 192.168.254.1 - the internet connection is perfectly stable but the VPN folks cannot make a connection.

hope this helps..

 

[DanInRaleigh]

wow..
..how did 192.168.254.0 ever work? the local lan should have never been able to get outside...but i think thats what you are saying..
..i dont even know how that device let you even put that ip address in there..
...so the vpn clients on the

http://www connect

to the routers outside interface (the tunnel)..but the vpn clients cant ping the lan and lan cant ping the vpn clients..
..i'm sorry i dont know your actual device but i bet this answer is close to what you need..
...a static route pointing towards the lan..and a static route pointing to the vpn clients...
..i'm not sure what you are saying about the two stages of vpn..
..isnt the vpn clients just tunneling to the firewalls outside device.
...its either tunnel mode (vpn client to router) or transport mode (vpn client going through the router/firewall to another windows box)

..i think this makes since..
...just trying to throw ideas around...



CCNP,CCSP,MCSE,Sec+,Net+,A+...

 

[vb12]

you seem to have a handle on this problem, and yes it is a tunnel mode VPN.

what are the IP / Subnet settings you recommend I try?

also, is there a preferred VPN client software app I could try?