Certain VPN user halts network

[CorbinMyMan]

I have a vpn user (only 1 that I know of) that when they log in externally (from the internet) or internally (inside network domain) it halts my network until they disconnect. For instance while they are connected, my RAS server cannot ping our exchange server, and all users lose connection to the exchange server and all network resources.

My user logs in fine internally and externally, but that one user I'm speaking of just kills everything.

I'm kind of a noob to vpn so any suggestions would be great.

Thanks!

 

[Zen37]

Sounds more like a virus to me than anything else. I don't see how a VPN connection alone could do this.

 

[CorbinMyMan]

Yea someone suggested that to me too, I've tested this user on several machines internally and externally and I get the same results

 

[CorbinMyMan]

and here's something else, I have a computer on my network, that when i connect using above said user, it works... but they have the Use Default Gateway checked, if I uncheck it and try to connect, it replicates the problem

 

[Zen37]

What is your VPN provider? Cisco, Netscreen, Check Point?

 

[CorbinMyMan]

actually I'm just using RRAS through windows 2003 server

 

[Zen37]

It's the one i know the least.

Ok, when you say that your users lose all their connections, are all your users connections passing through the RRAS server(Internal and external)? Or is it just the external connections connected to the server that fail?

If so, it could be that that specific client has routing rights that overides the servers normal routes somehow.

If not, is there a special reason why you have your internal connections going through the RRAS?

 

[CorbinMyMan]

EVERYONE loses connections, even the ones on the domain not connected to RRAS. As soon as I disconnect this user everything goes back to normal.

Things I've noticed: RAS Server cannot ping exchange server or domain controller.

I just had some users connected to RAS internally for testing.

 

[Zen37]

Wow, this is a good one. I've never encountered something like that.

Do you have a sniffer? Can you sniff the traffic of your servers while this is happening? I think this would be the best way to get down to the root of the issue.

If you don't have a sniffer, download ethereal from ethereal.com and install it on a laptop, then sniff the traffic of the vlan while the "black hole" is connected (black hole is what i would call that user's machine).

 

[CorbinMyMan]

Actually, I JUST figured this out.

It was user specific, so I started sniffing around in Active Directory and notice the users that DID work didn't have Static Routing setup, and the user(s) that didn't work DID have Static Routing setup.

I unchecked Static Routing (because I'm guessing its handled by the RAS Server) and they worked!

Everything seems ok as of now, doing a little more testing.

Thanks for the suggestions!