VPN connectivity strange issue



Beckteck
03-24-08, 07:36 PM
I hope that this is the right group for this question. It really has
me baffled. I have 13 or so sites and a central site running hardware
based VPNs. The central site is a Cisco 1800 series router and each
remote site has an 871 series router. Each site is running EIGRP, and it is
running centrally, so that we can hit any IP address from any other
site. It has been primarily set up in order to allow centralized
monitoring and accounting as well as easing printing capabilities for
Terminal Service clients. This architecture will probably stay in
place for another year while we move from standard T1 circuits to a
full MPLS network provided by the host of our central site. The
problem I am having involves 3 of these remote sites. One has a
database application running on Win 2K server. It is also acting as
the terminal server, license server and print server for a single user
at each of the other 2 sites (and 8 local users). The site with the
server (192.168.129.xxx) has printers mapped to each of the other 2
sites (192.168.3.xxx and 192.168.9.xxx) so that they can print from
an RDP session. The problem is that everything will be running great and
then just out of the blue, sometimes 4 times a week, a single IP
address becomes unreachable. If I change the IP address of the workstation,
the user can RDP to the private address of the server. If I change
the IP address of the user's printer and the printer port on the
server to reflect that, communication is restored. Also, if I put a
static NAT translation (public to private) in place and change the RDP
info to hit the public address the workstation can connect. This
doesn't work when the printer communication has failed, though, for
obvious reasons.

Example: User 1 with IP address of 192.168.3.33 is connecting through
terminal services to server with IP address of 192.168.129.6 which is
mapped to printer with IP address of 192.168.3.21. Suddenly the
connection to the server will drop and nothing on the 192.168.129.xxx
network (or any other remote site network) can ping the 192.168.3.33
address. An IP scan turns up a dead host on that network as well.
However, if I log into any device on the 192.168.3.xxx network I can
ping the 192.168.3.33 address. If I change the IP address of the
192.168.3.33 host to any other address (assigned by DHCP or statically)
all communication comes up as before. Also, if the user leaves for
the day and comes back in the morning all communication is up as
usual.