PPTP VPN connection established but can't ping remote network.

Hello experts,

I'm having a problem with a VPN connection that was working fine a couple of days ago. I'm using a 3com VPN Firewall that is setup as a PPTP VPN server to allow remote users to log in.

This is the problem: the users can connect to the VPN without any problems but they cannot reach anything on the remote network. The logs show that the remote clients get an IP address on my network. I cannot ping that IP address while they are connected. The remote clients cannot ping anything on my network by IP address. Everything was working fine a couple of days ago. Nothing that I know of was changed on either side of the connection. They are connecting fine, just can't reach anything. I tried completly disabling the firewall, deleting and then readding the login names - no luck.

Please help. What could be the problem?
Steven.
LVL 2
wdunskiAsked:
Who is Participating?
 
Computer101Connect With a Mentor Commented:
PAQed with points refunded (500)

Computer101
EE Admin
0
 
wdunskiAuthor Commented:
Here's what I see in the firewalls logs:
Apr 10 14:01:04 localhost kernel: PPTP Server: Remote user lawess1 has logged in. IP address 200.1.1.82 has been leased

and then when I asked them to dissconnect:
Apr 10 14:02:26 localhost kernel: PPTP Server: Remote user lawess1 has logged out. IP address 200.1.1.82 has been released
0
 
couritechCommented:
Have you enabled ICMP in the local area connections properties on the client side? It may be you can ping them but the client quashes the response because of the rule to disallow ICMP ping on the client side NIC? Try to enbale one and then see if you are getting a response. Since you get an IP - most likely thi sis the reason for no ping (its talking - you just can't see the communications).

If you aren't getting a successful ping after allowing for it then the traffic is being stopped at the router most likely. Check the router interface then (log in) and select to allow the ping response for ICMP echo. Try to ping the router? Any luck there means you are talking and hearing - look at your VPN setup to be sure it hasn't changed the IP ports being used.

It is also possible if you are using McAfee, Norton or Zone Alarm that over the past few days they have locked down the program with an update (mine has done just that for McAfee just last week and I had to reset my corporate version to allow for specific port traffic for my VPN port even though this had previously been set up as a rule).
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
wdunskiAuthor Commented:
I just called the client and they have no antivirus/internet security software running on their end. The connection was working fine a couple of days ago and then suddenly stopped working. Nothing to my knowledge was changed on either side. This beats me.
0
 
couritechCommented:
They really need to allow for ICMP packets on the client machine to test the setup correctly (has this been allowed in Local Area Connection at the clinet end?

BTW - I only assume you have two static IP addresses... do you have a dyndns program maintaining port status for dyamnic IP endpoint connections instead? If so, have you logegd in lately to check the status of the account (most must be visited every 90 days to remain active).
0
 
Rob WilliamsCommented:
A common cause for successful VPN connection but inability to ping is the local subnets at the two sites are the same. They must be different for routing to take place. However, you say it was working before, so perhaps this is not the case.
What is also interesting is the IP assigned to the client. This would usually be a private IP, the 200.x.x.x above is a public IP range. Is this what you are using as a LAN subnet?
0
 
raindaveCommented:
I was wondering the same thing about the public IP, never seen a vpn client receive a routeable address, shouldn't be somthing closer to 192.168.x.x or 10.1.x.x and 172.16.x.x?
0
 
couritechCommented:
I assumed (maybe wrobgly) that you have a class C subnet purchased as do we for the public IP and you are statically assigning based on that? If you aren't, then I agree with raindave and Robwill, you should be seeing a private IP on the client and not seeing a public IP endpoint?
0
 
wdunskiAuthor Commented:
I fixed it! I reset the VPN Firewall back to it's factory defaults, upgraded the firmware to the newest available, and rebuilt the config and it works!

This was probably the strangest problem I've come across... I'm guessing it must have been a bug in the outdate firmware I was running (which worked perfectly fine up until a few days ago!).
0
 
Rob WilliamsCommented:
Odd, but glad to hear you have resolved.
Thank you for updating.
Cheers !
--Rob
0
All Courses

From novice to tech pro — start learning today.