No VPN Signal

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
techgy
Community Moderators
Posts: 3174
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

No VPN Signal

Postby techgy » Sun Sep 07, 2008 11:39 am

I am the STS for our stake and have recently installed 3 of 4 Cisco firewalls. We've having a problem with the final installation. Internet is DSL (Dynamic IP). When the firewall is plugged into the modem - with nothing else in the way - and all according to instructions - we get no VPN light on the firewall.

Without this indicator the GSD cannot communicate with the firewall and thus it can't be activated.
So far we've been jumping through hoops with little success. I considered the possibility that we may be dealing with a distance issue, but after taking the firewall to a member's home who lives further away from the central phone office and finding that the firewall worked there, I discounted that possibility.

Without the firewall the DSL works just fine.

I'd appreciate any suggestions as to what might be the problem. My next step would be to contact the ISP and have them send out a repair tech, but he'd probably just test the line and tell me that it's working.

:rolleyes:

russellhltn
Community Administrator
Posts: 20732
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Sun Sep 07, 2008 1:13 pm

So, the DSL works without a firewall, and the Firewall works on a different connection, but the two don't work together?

Strange.

A couple of things to try for the heck of it: Use a different cable to connect to the two. Make sure you get a link light on both units. Try and power off both the firewall and the modem, power up the modem and wait for it to settle down and acquire a signal, and then power up the firewall.

Beyond that, call support.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

LakeyTW
Member
Posts: 86
Joined: Fri Jan 19, 2007 3:29 pm
Location: Salt Lake City, UT

Postby LakeyTW » Sun Sep 07, 2008 3:26 pm

RussellHltn wrote:So, the DSL works without a firewall, and the Firewall works on a different connection, but the two don't work together?

Strange.

A couple of things to try for the heck of it: Use a different cable to connect to the two. Make sure you get a link light on both units. Try and power off both the firewall and the modem, power up the modem and wait for it to settle down and acquire a signal, and then power up the firewall.

Beyond that, call support.


Perhaps your internet provider is filtering a port required for the VPN to connect.

techgy
Community Moderators
Posts: 3174
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

Postby techgy » Sun Sep 07, 2008 3:36 pm

I've been there - done that, including called support. No luck.
I've switched cables, cycled power on the modem and the firewall. I've even tried a different modem.
It's possible that the problem might be with the ISP, but I've also gone to another member's home who lives a little further from the Central Office of the same ISP. The modem works there just fine.

It has to be something unique with the church facility itself.

I'm going back tomorrow afternoon after work and checking out the DSL filter on the only phone on the line. Aside from this idea, I'm at a loss as to what's going on.

I considered switching from the DSL to a cable internet provider such as TimeWarner but the firewall is blocking that ISP so it would be difficult to get it installed or to have any support later on.

When I called the GSD they were scratching their heads.

User avatar
Mikerowaved
Community Moderators
Posts: 3131
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Postby Mikerowaved » Sun Sep 07, 2008 5:08 pm

May I ask which modem you are using and how it's configured?
So we can better help you, please edit your Profile to include your general location.

techgy
Community Moderators
Posts: 3174
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

Postby techgy » Sun Sep 07, 2008 5:15 pm

As I'm not in front of the modem, I'll have to respond to this question on Monday afternoon.
The ISP is Verizon. I'll continue this conversation on Monday afternoon when I get the information.

later.....

The modem is a Westell Wirespeed model B98-21015-04
I don't know the configuration.

I beginning to wonder if our DSL speed might be an issue. We're only getting about 550 down and 52 up which for a DSL is pretty poor. The building is at the limits of getting DSL at all, so this doesn't surprise me.

techgy
Community Moderators
Posts: 3174
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

Postby techgy » Sun Sep 14, 2008 8:24 am

In reference to another thread of mine I had aluded to DSL problems which had recently been resolved when a DSL technician came out from our ISP and discovered a broken wire at the demarkation point.

After his visit our DSL was stable. I left the facility feeling hopeful that we had nailed the problems.
This morning, upon a return to the stake center, I found the VPN light on the Firewall was amber. I had no Internet and no access through the firewall as I was unable to get to the modem with the browser.

All the lights on the modem were on as expected and all lights on the firewall were also lit except that the firewall lamp was amber.

After repowering both the modem and firewall everything was normal again.

Question: I've been told by someone that the modem should be configured as a bridge so it doesn't provide any DHCP addresses. What's the story here? Is this necessary or am I dealing with possibly another issue? Has anyone else faced this problem?

Thanks

User avatar
aebrown
Community Administrator
Posts: 14685
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Sun Sep 14, 2008 8:29 am

Techgy wrote:Question: I've been told by someone that the modem should be configured as a bridge so it doesn't provide any DHCP addresses. What's the story here? Is this necessary or am I dealing with possibly another issue? Has anyone else faced this problem?


This would not be the normal case. The firewall has to be able to communicate with the modem. Typically, this is done by the modem providing an IP address to the firewall using DHCP. By default, the modem is configured to obtain IP addresses automatically. In my experience, this works just fine in the three installations I have done.

I suppose for some configurations you might need to give the firewall a static IP address to communicate with the modem, but that would require changing the configuration of the firewall, which is done by the Global Service Desk. It's a complication that I would avoid unless it is absolutely necessary.

techgy
Community Moderators
Posts: 3174
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

Postby techgy » Sun Sep 14, 2008 9:14 am

Alan,

I would have to agree since the firewall appears to be working in three other buildings in our stake.
At this point I don't know what's going on. The DSL signal appears stable and our speed is good.
The next time this happens I'll do some additional tests and see if I can pin it down.
Unfortunately, I'm not at the stake center a lot so when it goes down it's a big inconvenience.

We're in the midst of planning for an expansion of the Internet in our FH rooms into the clerk's offices and I'm very hesitant to do anything further and complicate things unless I have a stable Internet.

My personal opinion of these firewalls is that they're more trouble than they're worth :)

:rolleyes:

russellhltn
Community Administrator
Posts: 20732
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Sun Sep 14, 2008 2:10 pm

Techgy wrote:Question: I've been told by someone that the modem should be configured as a bridge so it doesn't provide any DHCP addresses. What's the story here? Is this necessary or am I dealing with possibly another issue? Has anyone else faced this problem?


There's a couple of things that may be going on here:

In my area modems are just that - modems. They connect the next device (ASA firewall) to the Internet directly. The ISP will then use DHCP to assign a public IP to the firewall.

However, I understand there are devices out there that are combination modem and router. If your "modem" has more then one Ethernet jack on the back that is most certainly the case (you have a modem/router/switch). In that case your "modem" itself will take the public IP assigned by the ISP and use it's internal DHCP to assign the ASA firewall a private IP address. If the firewall is expecting a "call" from CHQ that would most certainly cause problems since the incoming packet is likely to be blocked by the "modem". If nothing else it needlessly complicates the situation.

So - bottom line. If you do have a modem/router, then yes, I would advise placing it in bridge mode or whatever it takes to disable all that extra stuff. If what you have is only a modem, then it's already doing that.
Have you searched the Wiki?

Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.


Return to “Meetinghouse Internet”

Who is online

Users browsing this forum: No registered users and 1 guest