Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

PPTP VPN connection established but can't ping remote network.

Posted on 2007-04-10
11
Medium Priority
?
2,285 Views
Last Modified: 2013-11-16
Hello experts,

I'm having a problem with a VPN connection that was working fine a couple of days ago. I'm using a 3com VPN Firewall that is setup as a PPTP VPN server to allow remote users to log in.

This is the problem: the users can connect to the VPN without any problems but they cannot reach anything on the remote network. The logs show that the remote clients get an IP address on my network. I cannot ping that IP address while they are connected. The remote clients cannot ping anything on my network by IP address. Everything was working fine a couple of days ago. Nothing that I know of was changed on either side of the connection. They are connecting fine, just can't reach anything. I tried completly disabling the firewall, deleting and then readding the login names - no luck.

Please help. What could be the problem?
Steven.
0
Comment
Question by:wdunski
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +2
11 Comments
 
LVL 2

Author Comment

by:wdunski
ID: 18884345
Here's what I see in the firewalls logs:
Apr 10 14:01:04 localhost kernel: PPTP Server: Remote user lawess1 has logged in. IP address 200.1.1.82 has been leased

and then when I asked them to dissconnect:
Apr 10 14:02:26 localhost kernel: PPTP Server: Remote user lawess1 has logged out. IP address 200.1.1.82 has been released
0
 
LVL 2

Expert Comment

by:couritech
ID: 18884517
Have you enabled ICMP in the local area connections properties on the client side? It may be you can ping them but the client quashes the response because of the rule to disallow ICMP ping on the client side NIC? Try to enbale one and then see if you are getting a response. Since you get an IP - most likely thi sis the reason for no ping (its talking - you just can't see the communications).

If you aren't getting a successful ping after allowing for it then the traffic is being stopped at the router most likely. Check the router interface then (log in) and select to allow the ping response for ICMP echo. Try to ping the router? Any luck there means you are talking and hearing - look at your VPN setup to be sure it hasn't changed the IP ports being used.

It is also possible if you are using McAfee, Norton or Zone Alarm that over the past few days they have locked down the program with an update (mine has done just that for McAfee just last week and I had to reset my corporate version to allow for specific port traffic for my VPN port even though this had previously been set up as a rule).
0
 
LVL 2

Author Comment

by:wdunski
ID: 18884679
I just called the client and they have no antivirus/internet security software running on their end. The connection was working fine a couple of days ago and then suddenly stopped working. Nothing to my knowledge was changed on either side. This beats me.
0
Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 
LVL 2

Expert Comment

by:couritech
ID: 18884734
They really need to allow for ICMP packets on the client machine to test the setup correctly (has this been allowed in Local Area Connection at the clinet end?

BTW - I only assume you have two static IP addresses... do you have a dyndns program maintaining port status for dyamnic IP endpoint connections instead? If so, have you logegd in lately to check the status of the account (most must be visited every 90 days to remain active).
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18885103
A common cause for successful VPN connection but inability to ping is the local subnets at the two sites are the same. They must be different for routing to take place. However, you say it was working before, so perhaps this is not the case.
What is also interesting is the IP assigned to the client. This would usually be a private IP, the 200.x.x.x above is a public IP range. Is this what you are using as a LAN subnet?
0
 

Expert Comment

by:raindave
ID: 18885506
I was wondering the same thing about the public IP, never seen a vpn client receive a routeable address, shouldn't be somthing closer to 192.168.x.x or 10.1.x.x and 172.16.x.x?
0
 
LVL 2

Expert Comment

by:couritech
ID: 18885551
I assumed (maybe wrobgly) that you have a class C subnet purchased as do we for the public IP and you are statically assigning based on that? If you aren't, then I agree with raindave and Robwill, you should be seeing a private IP on the client and not seeing a public IP endpoint?
0
 
LVL 2

Author Comment

by:wdunski
ID: 18885976
I fixed it! I reset the VPN Firewall back to it's factory defaults, upgraded the firmware to the newest available, and rebuilt the config and it works!

This was probably the strangest problem I've come across... I'm guessing it must have been a bug in the outdate firmware I was running (which worked perfectly fine up until a few days ago!).
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18886016
Odd, but glad to hear you have resolved.
Thank you for updating.
Cheers !
--Rob
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 19421679
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question