VPN connection ok, can not ping intranet subnet

50 pts.
Tags:
VPN
Windows Server 2003
Hello! I am having problem with configuring routing settings in RRS in Windows Server 2003 which is used as VPN server. VPN servers private NIC is in subnet 10.10.0.0/16 and can reach subnet 10.30.0.0/16 (ping request are answered ok). But when I connect to VPN server from client that has public IP, I can not reach subnet 10.30.0.0/16 (ping requests are answered "Request timed out"). I thing the configuration of routing is not configured right. Does anybody know how it should be configured? Thanks for any kind of answare! Marko
ASKED: June 13, 2008  9:51 AM
UPDATED: April 4, 2014  4:13 AM

Answer Wiki

Thanks. We'll let you know when a new response is added.

Marko:

First thing is if you are going through a router you need to port forward the IP address of the VPN server.

Make sure that the Windows Firewall is off on the VPN server.

It sounds like your problem is somewhere there is an active firewall either in the router/moden or in windows itself.

The first clue is the timeout message when you try to ping the IP Address.

If everything is set right you may be pinging the wrong IP Address. The IP Address you are looking for is the one for the router and not the server itself.

One other thing you might check is that the VPN service is active and running on the VPN server.

Brian
========================
There could be a couple of things wrong here:

1. ICMP is not permitted through. This is what Brian refers to about the Windows firewall. Another way of testing this is to: Start, Run, CMD, enter, tracert 10.x.x.x. Look at the path, is it what you expect? Do you see points along the path that do not respond? If so, then it is possible that ICMP is not permitted through those devices.

2. Can you reach any resources on the private network by either name, ip address or service? Can you telnet to port 80 on a web server for example? If that does not work, your VPN client may have the incorrect default gateway set. Check the IP properties on the interface to see if the client is getting an address and gateway that is routable on your network.

Check out thisĀ virtual lab from Microsoft that shows how to use Network Address Translation (NAT) and Routing and Remote Access Server (RRAS) basic firewall, install the IPSec computer certificates, configure the remote access server (RAS) for quarantine, and connect to a RAS server from a client.

=========================
Hello!

I had an exam, so I kind of put this problem in a background…

So, on this VPN server (10.10.10.5) I already tested the connectivity to machine 10.30.1.16 with ping and tracert command:
Tracert results:

Tracing route to 10.30.1.16 over a maximum of 30 hops

1 * * * Request timed out.
2 <1 ms 1 ms <1 ms 10.30.1.16

Trace complete.

So, the connection is ok. I guess the routing on router is configured ok and ICMP is disabled.

I think the problem is in the settings that client gets from VPN server. Default gateway is the same as the IP address that the client gets and the subnet mask is 255.255.255.255 which is strange to me.
I am using static address pool and not DHCP – is this a problem? Should the DHCP be enabled and not static address pool or is ist possible that evertyting could and should work by using static address pool?

Tnx for any kind of answare!
marko

============================
I have seen this 255.255.255.255 type addressing before when the device has some internal routing entries that tell the host where to go for various networks. It does not have the default gateway set but if you go to a command prompt and type “route print” what does it show for the 0.0.0.0 route? That is where all traffic will get sent by default. It’s just that this parameter is not getting sent to the client in DHCP as the default gateway.

============================
It shows:
0.0.0.0 0.0.0.0 “public dg” “public_ip” 20

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • marko00
    You are definitely the real deal!
    0 pointsBadges:
    report
  • Danim2020
    hi my vpn adress is 173.193.233.48 my pin statistics for 173.193.233.48 packets: sent=4 receiveed=0 lost=4 <100% loss> tracing route to 173.193.233.48-static.softlayer.com [173.193.233.48 ] over a maximum of 30 hops: 1 * * * request timed out. 2* 3893 ms * 10.131.198.33 3 * * * request timed out. 4 * 3754 ms * 10.131.198.33 5 * * * request timed out. .. . 30 * * * request timed out. now what can i do :D ?
    15 pointsBadges:
    report
  • Genderhayes
    As a statically routed VPN connection or as a dynamically routed VPN connection using BGP If you select static routing, you'll be prompted to manually enter the IP prefix for your network when you create the VPN connection. If you select dynamic routing, the IP prefix is advertised automatically to your VPC through BGP. VPC can't reach the Internet directly; any Internet-bound traffic must first traverse the virtual private gateway to your network, where the traffic is then subject to your firewall and corporate security policies
    4,060 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following