No VPN Signal

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
randysteck-p40
New Member
Posts: 4
Joined: Thu Nov 06, 2008 6:19 am
Location: USA

Possible root cause found

Post by randysteck-p40 »

I read with interest the postings regarding the ASA box that worked at home and other locations but not at the church where it was supposed to. Interestingly, I found exactly the same problem, and after several hours on the phone with tech support and rescripting the firewall to no avail, I think the root cause is likely to be in the default modem configuration.

I tried the firewall at home and it came up all greens (including the VPN light). However, at the chapel the VPN light kept coming up amber. The difference between the two modem configurations is that the newer modem at the chapel also includes a NAT firewall. This in itself is not a problem but it also came with a default setting of "medium" security, which blocks some (unspecified) traffic. A VPN tunnel has transactions that would otherwise be out of the ordinary and the modem's coarse filtering could be the problem.

Consequently, I set the modem security to "no security" and plugged in the ASA firewall. It came right up, and I strongly suspect that the modem setup was the real issue. I can't validate this further, but it is definitely worth trying when others see these same problems.

Cheers,
Randy
techgy
Community Moderators
Posts: 3183
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

Post by techgy »

Techgy wrote:
I'm currently crossing my fingers and holding my breath. I went by the stake again this afternoon and the Internet was still giving me problems. Further checking revealed something that I'm embarrassed to mention.

The DSL modem had the logon ID of another of the four buildings in our stake (same ISP) instead of the logon for the stake center. I can only admit to being alseep when I set this up..... :rolleyes:
After I got the logon correct for the DSL modem, things were going well for 3 months. Then in December we started having more intermittent problems with the DSL. Following a call to the ISP to have the line checked they reported that they could find nothing wrong.

The problem would show up as a loss of the VPN channel, which kills the ASA and the Internet. When I would drive to the building to check this out, I would find the DSL modem with all green lights and the VPN channel lamp on the ASA would be amber.

A power cycle of the ASA would bring the VPN back again.
After doing several checks for loose cables, etc, I connected a PC directly to the DSL modem and ran some additional tests. I discovered that our speeds were pretty poor. I had been getting 1.2 down and around 350 up. When I checked both the down and up were around 330.

I power cycled the modem and things came back to normal. A couple of days later the same thing repeated itself. Slow speed - Amber VPN, so I called the ISP and scheduled a service call. He checked the line and found nothing wrong, so we replaced the modem.

Things looked good for two days, then on Sunday AM, more problems. I drove to the building again, the DSL lamp on the modem was blinking RED. I power cycled the modem again and after a couple of minutes it came up all green.

We're going in circles with this particular installation. The ISP reports everything good - at least when they check it and all the hardware has been replaced.

My only thought at this point is the line itself. Over the past several years whenever we've had a lot of rain we lose a couple of phone lines in the building. A couple of weeks after our last rain, one Bishop lost his office line. He called in for a repair and they switched the line to a new pair in the cable. I'm strongly considering the possibility that we may have a intermittent problem with the cable pair but the ISP won't make a switch unless they can identify a problem.

The saga continues......
techgy
Community Moderators
Posts: 3183
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

Post by techgy »

randysteck wrote:..... Interestingly, I found exactly the same problem, and after several hours on the phone with tech support and rescripting the firewall to no avail, I think the root cause is likely to be in the default modem configuration.

I tried the firewall at home and it came up all greens (including the VPN light). However, at the chapel the VPN light kept coming up amber. The difference between the two modem configurations is that the newer modem at the chapel also includes a NAT firewall. This in itself is not a problem but it also came with a default setting of "medium" security, which blocks some (unspecified) traffic. A VPN tunnel has transactions that would otherwise be out of the ordinary and the modem's coarse filtering could be the problem.

Consequently, I set the modem security to "no security" and plugged in the ASA firewall. It came right up, and I strongly suspect that the modem setup was the real issue. I can't validate this further, but it is definitely worth trying when others see these same problems.

Cheers,
Randy
I'll take a look at this as a possibility, however, as I also experienced problems with the DSL modem by itself, I'm thinking that it's something else.
Post Reply

Return to “Meetinghouse Internet”