Solved

PPTP VPN connection established but can't ping remote network.

Posted on 2007-04-10
11
2,264 Views
Last Modified: 2013-11-16
Hello experts,

I'm having a problem with a VPN connection that was working fine a couple of days ago. I'm using a 3com VPN Firewall that is setup as a PPTP VPN server to allow remote users to log in.

This is the problem: the users can connect to the VPN without any problems but they cannot reach anything on the remote network. The logs show that the remote clients get an IP address on my network. I cannot ping that IP address while they are connected. The remote clients cannot ping anything on my network by IP address. Everything was working fine a couple of days ago. Nothing that I know of was changed on either side of the connection. They are connecting fine, just can't reach anything. I tried completly disabling the firewall, deleting and then readding the login names - no luck.

Please help. What could be the problem?
Steven.
0
Comment
Question by:wdunski
  • 3
  • 3
  • 2
  • +2
11 Comments
 
LVL 2

Author Comment

by:wdunski
ID: 18884345
Here's what I see in the firewalls logs:
Apr 10 14:01:04 localhost kernel: PPTP Server: Remote user lawess1 has logged in. IP address 200.1.1.82 has been leased

and then when I asked them to dissconnect:
Apr 10 14:02:26 localhost kernel: PPTP Server: Remote user lawess1 has logged out. IP address 200.1.1.82 has been released
0
 
LVL 2

Expert Comment

by:couritech
ID: 18884517
Have you enabled ICMP in the local area connections properties on the client side? It may be you can ping them but the client quashes the response because of the rule to disallow ICMP ping on the client side NIC? Try to enbale one and then see if you are getting a response. Since you get an IP - most likely thi sis the reason for no ping (its talking - you just can't see the communications).

If you aren't getting a successful ping after allowing for it then the traffic is being stopped at the router most likely. Check the router interface then (log in) and select to allow the ping response for ICMP echo. Try to ping the router? Any luck there means you are talking and hearing - look at your VPN setup to be sure it hasn't changed the IP ports being used.

It is also possible if you are using McAfee, Norton or Zone Alarm that over the past few days they have locked down the program with an update (mine has done just that for McAfee just last week and I had to reset my corporate version to allow for specific port traffic for my VPN port even though this had previously been set up as a rule).
0
 
LVL 2

Author Comment

by:wdunski
ID: 18884679
I just called the client and they have no antivirus/internet security software running on their end. The connection was working fine a couple of days ago and then suddenly stopped working. Nothing to my knowledge was changed on either side. This beats me.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 2

Expert Comment

by:couritech
ID: 18884734
They really need to allow for ICMP packets on the client machine to test the setup correctly (has this been allowed in Local Area Connection at the clinet end?

BTW - I only assume you have two static IP addresses... do you have a dyndns program maintaining port status for dyamnic IP endpoint connections instead? If so, have you logegd in lately to check the status of the account (most must be visited every 90 days to remain active).
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18885103
A common cause for successful VPN connection but inability to ping is the local subnets at the two sites are the same. They must be different for routing to take place. However, you say it was working before, so perhaps this is not the case.
What is also interesting is the IP assigned to the client. This would usually be a private IP, the 200.x.x.x above is a public IP range. Is this what you are using as a LAN subnet?
0
 

Expert Comment

by:raindave
ID: 18885506
I was wondering the same thing about the public IP, never seen a vpn client receive a routeable address, shouldn't be somthing closer to 192.168.x.x or 10.1.x.x and 172.16.x.x?
0
 
LVL 2

Expert Comment

by:couritech
ID: 18885551
I assumed (maybe wrobgly) that you have a class C subnet purchased as do we for the public IP and you are statically assigning based on that? If you aren't, then I agree with raindave and Robwill, you should be seeing a private IP on the client and not seeing a public IP endpoint?
0
 
LVL 2

Author Comment

by:wdunski
ID: 18885976
I fixed it! I reset the VPN Firewall back to it's factory defaults, upgraded the firmware to the newest available, and rebuilt the config and it works!

This was probably the strangest problem I've come across... I'm guessing it must have been a bug in the outdate firmware I was running (which worked perfectly fine up until a few days ago!).
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18886016
Odd, but glad to hear you have resolved.
Thank you for updating.
Cheers !
--Rob
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 19421679
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question