• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

NIS 2009 blocks replies

Hello!

I have a problem after installing NIS 2009 on Vista Ultimate x64. 

I can't get any application to connect over VPN.

I connect to internet through VPN connection and everything works fine.

Then I establish VPN connection to server (address for examle Y.Y.Y.Y) through Internet (computer receives an IP, for example X.X.X.X). Then I type this IP into browser to access a WEB server and it cannot display anything.  No other security products are used on client.

When I used NIS 2008 everything was working. I checked server firewall log, it DOES receives connections and it DOES send replies, but no application can't get them. I even tried to telnet on 80 port, it connects, sends data and again no reply. If I connect directly to Y.Y.Y.Y it receives reply (web server settings are Ok).

I uninstall NIS 2009, everything works. I install it again everething works, if the connection was made before installation. After reconnecting VPN I get this trouble again.

Firewall rules are set to allow everything to and from IPs  Y.Y.Y.Y and X.X.X.X. Network trust set to TRUSTED.

Doesn't help. Disabling NIS 2009 doen't solve it either.

Any ideas? Id downgrading the only solution?

Replies

Kudos0

Re: NIS 2009 blocks replies

Have you tried to create a general rule in NIS 2009 under smart firewall to allow the VPN IP address? This is just to confirm.
Kudos0

Re: NIS 2009 blocks replies

Not sure whether you are using any VPN client program for connectivity. If so, confirm whether the VPN client in set to ALLOW in the program rules. Make sure that firewall rule has been created correctly for the Ports used by VPN. Also, move that firewall rule to the top of the list so that it will get priority over the other rules.Message Edited by yogesh_mohan on 12-17-2008 11:49 PM
Kudos0

Re: NIS 2009 blocks replies

There is a General Rule To to ALLOW everything for these IPs and it writes log when permits access.

And YES, log says that connection is permitted, but the data can only be sent and not received (I think so due to VPN traffic counter).

Hmm, interesting that PING is the only thing that works well. 

Kudos0

Re: NIS 2009 blocks replies

Did you check the Program Rule for your VPN client(if you have any such)?  The Program rule is different from the General rule which you have created.
Kudos0

Re: NIS 2009 blocks replies

If you could provide information about your VPN that would be helpful, i.e. which VPN are you using and protocols?
Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: NIS 2009 blocks replies

Client uses built-in Windows Vista VPN-client.

Connection properties are:

 Default with encryption and Safe Password

VPN type automatic

 All network drivers on, IPv4 configured for DHCP and Not a default gateway

PPP parameters allow LCP extensions. 

Server uses built-in Windows Server VPN Server. 

The VPN for Internet connection to my ISP is same, but without encyption and with default gateway. 

Kudos0

Re: NIS 2009 blocks replies

Thanks for the additional information. Nothing jumps out at me about this. I'll ask somebody to try to reproduce your scenario.Message Edited by reese_anschultz on 12-18-2008 02:18 AM
Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: NIS 2009 blocks replies

Ok, waiting for solution. Now downgraded to 2008.

If you need any additional info, I can easily install 2009 again.

Message Edited by Rattlemouse on 12-18-2008 02:50 PM
Kudos0

Re: NIS 2009 blocks replies

Any updates?
Kudos0

Re: NIS 2009 blocks replies

A lot of the Symantec Staff will be off during the holiday period so please be patient for a while longer.
Hugh
Kudos0

Re: NIS 2009 blocks replies

I'm sorry about the late response. I'm currently looking into the status of this issue and hopefully will have a response soon.
Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: NIS 2009 blocks replies

Rattlemouse, did you ever find a resolution to this problem? We've tried to replicate your issue in-house and have been unsuccessful. It may be because we aren't understanding your environment correctly though.


Rattlemouse wrote:

I connect to internet through VPN connection and everything works fine.


So, everything works fine with simply establishing a VPN connection, or did you mean something besides 'VPN' in this comment?


Rattlemouse wrote:

Hello!

Then I establish VPN connection to server (address for examle Y.Y.Y.Y) through Internet (computer receives an IP, for example X.X.X.X). Then I type this IP into browser to access a WEB server and it cannot display anything.  No other security products are used on client.


Are you establishing a second VPN connection or are you simply saying that you trying to establish a connection to server Y.Y.Y.Y while the VPN connection has been established?


Rattlemouse wrote:

Firewall rules are set to allow everything to and from IPs  Y.Y.Y.Y and X.X.X.X. Network trust set to TRUSTED.


This shouldn't matter. Since it appears that connections can actually be established, but no content returned, it sounds like filtering of some sort. Do you possibly have the add-on pack installed?

Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: NIS 2009 blocks replies

Hello,

I have a very similar problem. I can connect via a programmatic VPN (PPTP with encryption - Vista Ultimate x86) to a remote network without any problems, but when I try to connect to one of the computers in the remote network using Remote Desktop, it fails. This only happens when NIS 2009 is installed - even when every module is turned off (I also removed Symantec Filter from supported protocols in each connection). 

I've really tried many possible solutions - created various rules in the firewall (when it was either on and off;), turned all the modules off, added the VPN to the trusted networks list, manually added network's and remote host's IP to and changed all computer's trust level to FULL TRUST, but nothing worked out.

My observation is that when I connect to the VPN it is always set to SHARED trust level.

I had to uninstall NIS 2009 and reinstall NIS 2008 to use the remote desktop (no problems), so I'm pretty sure it's a bug in Your product.

With regards,

Tomasz Mularczyk

Kudos0

Re: NIS 2009 blocks replies

hardmard/Tomasz, is it just Remote Desktop that is failing? Are you able to browse regular web sites? Connect to network shares?
Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: NIS 2009 blocks replies

As far as I remember, the remote desktop failed, but the web sites worked normally (i'm not 100% sure since I can't install NIS 2009 again and then get back to 2008 because it takes 2 hours and I'm at work). I didn't have any network shares on the other end of the VPN, so I haven't tried that.

Kudos0

Re: NIS 2009 blocks replies

If web sites were working, it sounds more like an issue specific to remote desktop. You might want to inspect your rules for remote desktop and make sure that they are set up to Allow all communication.
Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation

This thread is closed from further comment. Please visit the forum to start a new thread.