Solved

PPTP VPN connection established but can't ping remote network.

Posted on 2007-04-10
11
2,258 Views
Last Modified: 2013-11-16
Hello experts,

I'm having a problem with a VPN connection that was working fine a couple of days ago. I'm using a 3com VPN Firewall that is setup as a PPTP VPN server to allow remote users to log in.

This is the problem: the users can connect to the VPN without any problems but they cannot reach anything on the remote network. The logs show that the remote clients get an IP address on my network. I cannot ping that IP address while they are connected. The remote clients cannot ping anything on my network by IP address. Everything was working fine a couple of days ago. Nothing that I know of was changed on either side of the connection. They are connecting fine, just can't reach anything. I tried completly disabling the firewall, deleting and then readding the login names - no luck.

Please help. What could be the problem?
Steven.
0
Comment
Question by:wdunski
  • 3
  • 3
  • 2
  • +2
11 Comments
 
LVL 2

Author Comment

by:wdunski
ID: 18884345
Here's what I see in the firewalls logs:
Apr 10 14:01:04 localhost kernel: PPTP Server: Remote user lawess1 has logged in. IP address 200.1.1.82 has been leased

and then when I asked them to dissconnect:
Apr 10 14:02:26 localhost kernel: PPTP Server: Remote user lawess1 has logged out. IP address 200.1.1.82 has been released
0
 
LVL 2

Expert Comment

by:couritech
ID: 18884517
Have you enabled ICMP in the local area connections properties on the client side? It may be you can ping them but the client quashes the response because of the rule to disallow ICMP ping on the client side NIC? Try to enbale one and then see if you are getting a response. Since you get an IP - most likely thi sis the reason for no ping (its talking - you just can't see the communications).

If you aren't getting a successful ping after allowing for it then the traffic is being stopped at the router most likely. Check the router interface then (log in) and select to allow the ping response for ICMP echo. Try to ping the router? Any luck there means you are talking and hearing - look at your VPN setup to be sure it hasn't changed the IP ports being used.

It is also possible if you are using McAfee, Norton or Zone Alarm that over the past few days they have locked down the program with an update (mine has done just that for McAfee just last week and I had to reset my corporate version to allow for specific port traffic for my VPN port even though this had previously been set up as a rule).
0
 
LVL 2

Author Comment

by:wdunski
ID: 18884679
I just called the client and they have no antivirus/internet security software running on their end. The connection was working fine a couple of days ago and then suddenly stopped working. Nothing to my knowledge was changed on either side. This beats me.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 2

Expert Comment

by:couritech
ID: 18884734
They really need to allow for ICMP packets on the client machine to test the setup correctly (has this been allowed in Local Area Connection at the clinet end?

BTW - I only assume you have two static IP addresses... do you have a dyndns program maintaining port status for dyamnic IP endpoint connections instead? If so, have you logegd in lately to check the status of the account (most must be visited every 90 days to remain active).
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18885103
A common cause for successful VPN connection but inability to ping is the local subnets at the two sites are the same. They must be different for routing to take place. However, you say it was working before, so perhaps this is not the case.
What is also interesting is the IP assigned to the client. This would usually be a private IP, the 200.x.x.x above is a public IP range. Is this what you are using as a LAN subnet?
0
 

Expert Comment

by:raindave
ID: 18885506
I was wondering the same thing about the public IP, never seen a vpn client receive a routeable address, shouldn't be somthing closer to 192.168.x.x or 10.1.x.x and 172.16.x.x?
0
 
LVL 2

Expert Comment

by:couritech
ID: 18885551
I assumed (maybe wrobgly) that you have a class C subnet purchased as do we for the public IP and you are statically assigning based on that? If you aren't, then I agree with raindave and Robwill, you should be seeing a private IP on the client and not seeing a public IP endpoint?
0
 
LVL 2

Author Comment

by:wdunski
ID: 18885976
I fixed it! I reset the VPN Firewall back to it's factory defaults, upgraded the firmware to the newest available, and rebuilt the config and it works!

This was probably the strangest problem I've come across... I'm guessing it must have been a bug in the outdate firmware I was running (which worked perfectly fine up until a few days ago!).
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18886016
Odd, but glad to hear you have resolved.
Thank you for updating.
Cheers !
--Rob
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 19421679
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question