Visitor
•
6 Messages
VPN connection stops sending/receiving packets after connecting
We have a Sonicwall NSA 4500 Firewall appliance that also provides VPN network access. When using the Sonicwall Global VPN Client to connect (tried with multiple software versions) over our Comcast connection, we can authenticate and connect to our internal network, however, we shortly (5-10 seconds) are unable to send and receive packets via the VPN connection, and within a minute (25-40 seconds) the VPN connection resets and connects again. We also have an AT&T Bonded T1 connection that does not have these issues. We have had a Sonicwall tech look at our configuration to verify that there is not any issue on our end. Regular Internet access is fine over this connection without any issues.
CC_John
Retired Employee
•
1.9K Messages
12 years ago
Welcome swalter. Our Tier 2 group updated the config files on the gateways. Please let us know if you are still having issues.
Thank You
tmittelstaedt
Problem solver
•
326 Messages
12 years ago
Has the Sonic Wall got a public address on the outside interface? (Dumb question, I know, but you would be surprised at the number of people who just plug in a firewall and don't bother to check that it is indeed using a public IP and not the translated IP from the DHCP server on the modem.)
What is the bandwidth? All firewalls have CPU limits, and if it works on the slow T1 but bogs on the cable link running at ten times the speed, that may be the trouble.
What is the brand of cable modem?
swalter
Visitor
•
6 Messages
12 years ago
Still having those issues as described.
swalter
Visitor
•
6 Messages
12 years ago
80% sure that it has a public address on the outside interface (assuming since I am able to connect and stay connected on our other internet connection).
Other internet connection is 2 T1's bonded (3mbps)
tmittelstaedt
Problem solver
•
326 Messages
12 years ago
Your other internet connection would use a different public address. Actually, for the Sonic Wall to properly support the Comcast link and the AT&T link it should have 2 independent WAN interfaces, one plugged to Comcast, one to AT&T, one numbered from AT&T's numbers, one numbered from Comcast's numbers.
What is the cable modem make and model? What is the speed of the Comcast link (upstream)? Do you have a lot of fancy layer 3 deep packet inspection enabled on the firewall?
swalter
Visitor
•
6 Messages
12 years ago
X0 = LAN Interface
X1 = AT&T Line WAN Interface with an IP from AT&T
X2 = AT&T Line DMZ Transparent Mode Interface with same IP Info from X1
X3 = Comcast WAN Interface with an IP from Comcast
It's an SMCD3G-CCR cable modem.
We have the Extreme 105 package. 50 down/10 up from a speedtest I just did.
No Deep Packet Inspection on the Sonicwall.
swalter
Visitor
•
6 Messages
12 years ago
Any updates or a possible solution to this issue?
tmittelstaedt
Problem solver
•
326 Messages
12 years ago
This one is going to be a tricky one, since it's (apparently) only VPN traffic affected. I'm assuming other connectivity traffic is unaffected, correct? Like if for example you do an FTP transfer to a remote host for a really large file that would take 1/2 hour to UPLOAD and DOWNLOAD that it would NOT tank, correct? (strong hint - if you haven't done that kind of a test yet - do it)
I would call Comcast support and make sure ALL firewalling possible is turned OFF on the modem. That modem has some fancy CRAP in it that firewalls for the clueless people out there and it is not intuitive to know how to turn it off. Also there is no guarantee the modem is really and truly set up the way the web interface on it claims it's set up; the web interface is just for us plebes, the real guts of the thing only the techs can get at.
You can scout around on the Internet on this modem model and find out how to turn all the firewalling on it off, if you want to try DIY. If you do, then reset the modem to factory defaults, immediately log in to it, turn off EVERYTHING and then see how it works out.
If that does not work I would try a different VPN protocol/VPN device. I have that same modem and I have a PPTP server setup here (on a public number) and I have no problems with using it.
swalter
Visitor
•
6 Messages
12 years ago
All of our user workstation internet traffic goes through it. I would have users letting me know that the internet wasn't working if it was more than just VPN traffic.
I had Comcast check and they said that the firewall was off on the modem.
I'm stuck with Sonicwall for now. I could just chalk it up to Comcast hating VPN packets, but this is their business class connection. I have projects that are being held up because I need a stable VPN connection with more bandwidth available. I am really hoping and searching for a solution.