Avatar of klo555
klo555 asked on

Cannot ping outside of lan on server

First,
This server is completely accessible from the world. This is a terminal server. I am able to ping nodes inside the netowork, and am able to make dns requests (via nslookup). DNS Server is inside network.

The server is unable to ping anything outside the internal network, I am unable to ping 4.2.2.1. These servers are sitting behind a Cisco firewall. Even if I allow all traffic through the network, I am still unable to ping (Permit all).

Nothing odd in the server event log, this problem started about a week ago.

This is very odd and I dont know where to start, so hopefully someone will poke me in the right direction.

-Thanks,
-Casey Strom

Windows Server 2003Hardware FirewallsRouters

Avatar of undefined
Last Comment
klo555

8/22/2022 - Mon
ASKER
klo555

By the way, All other machines on the network are able to ping and receive the response, there is an ICMP allow all rule in the firewall config.

This is not a PIX firewall BTW.
ASKER
klo555

Raised limit to 500 due to personal inability to comprehend what is causing problem.
ASKER CERTIFIED SOLUTION
tfowles

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
klo555

tfowles,
Firewall is translating both UDP/TCP, am unable to tracert to 4.2.2.1 on the server in question (10.0.0.3), however I am able to tracert from another server (10.0.0.2).

aterea,
1.) No
2.) Yes (but I wish that were the problem)
3.) No
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
tfowles

Are both servers the same OS?
Would it be possible to assign a different IP address to the server to test?
You stated above that this is not a PIX, but is it still a Cisco FW or another vendor?
ASKER
klo555

tfowles,
Both server are in the process of deployment and are both on 2003 Standard R2 - Identical installations.

The FW is a Cisco 3662.

Let me test an IP swap and see what happens.
ASKER
klo555

Oh. Now I feel a bit stupid - it works on the new IP address.

Hmm, So i'm going to call this a firewall issue.

Let me troubleshoot a bit more and see what I can come up with.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
tfowles

You might also check for a duplicate IP address on the network (don't assign it to either server and then try pinging it ... also check the event logs for any messages).  If you cannot find a dup, I would try putting the old IP address back in just to make sure it wasn't configured incorrectly in the first place or that windows wasn't just getting buggy on you.
ASKER
klo555

Nope, No duplicate IP on the network, and nothing worth mentioning in the event log.


SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
klo555

I cannot access outside web pages on this machine, I can access everything on the LAN on this server, just nothing beyond that.

-Thanks
-Casey Strom
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
ChiefIT

Then this really sounds like a multihomed computer problem. Multihomed is defined as two or more nics, therefore multiple IPs. Or Multiple IPs on the same NIC. Configuring Dual NICs can interfere with ICMP and it can interfere with access to outside the LAN.

Can you supply us with an IPconfig /all? With that information, we can make recommendations.

ASKER
klo555

Ethernet adapter GB1 - WAN:

 Connection-specific DNS Suffix  . :
 Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
BD Client)
 Physical Address. . . . . . . . . : 00-1E-C9-40-55-F8
 DHCP Enabled. . . . . . . . . . . : No
 IP Address. . . . . . . . . . . . : 10.0.0.3
 Subnet Mask . . . . . . . . . . . : 255.255.255.0
 Default Gateway . . . . . . . . . : 10.0.0.1
 DNS Servers . . . . . . . . . . . : 10.0.0.2
 Primary WINS Server . . . . . . . : 10.0.0.2

Ethernet adapter Local Area Connection 2 (Not being used right now)

Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE
BD Client) #2
Physical Address. . . . . . . . . : 00-1E-C9-40-55-FA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 255.255.255.255
ChiefIT

Disable NIC 2:

It is currently looking for a DHCP address: 0.0.0.0 on subnet 255.255.255.255 is where DHCP discoveries are sent.

I think NIC 2 is enabled, and even though it is not plugged in, it is causing your problems.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
klo555

I dumped the router config and started fresh, seemed to fix it.

Dont know what caused the problemo though.