When connected via Microsoft VPN, cannot ping Domain controller/DHCP/DNS Server, but can ping everything else by IP

Hello,

I have asked a similar question to this before and thought the problem was resolved but it seems to be still here. This problem is doing my head in now!

I have a routing and remote access server set up for remote access; that's its only use, nothing else. I have one of its interfaces set up for the internal network, and the other set up the same but with a different IP. I then have a Cisco router which port forwards the VPN port to 192.168.26.161 (the 2nd interface of the routing and remote access server). This interface is set up with default gateway, DNS, etc.

In routing and remote access I have 192.168.26.161 as the interface connected to the internet, and have created an access rule for a group in Active Directory to access this, and this authenticates users correctly.

On each machine I set up the VPN on, I have it set up so they use the remote network's default gateway. On the server I also have it set up to use DHCP relay to my DHCP server/DNS Domain controller server (192.168.26.5).

Now when I connect it authenticates me fine and the other users I setup.

Now strangely I cannot ping 192.168.26.5, but I can ping all other internal addresses. I cannot ping by name, obviously because I cannot communicate with the DNS server (192.168.26.5).

Sometimes it seems to work, and others it doesn't... and it's really starting to make me tear my hair out now!

Additionally, and I am not sure this has anything to do with anything, I get a dfgw of 0.0.0.0 on my laptop when I do IPCONFIG /ALL... everything else looks correct so DHCP is working OK.

Everything on my internal network works fine, and there are no glaringly obvious messages in the event logs of either my routing and remote access server, or the domain controller...

Any help with this is VERY appreciated!
forzaaw Asked:

Bertling Commented:
Is the DHCP, DNS, etc. all on a different subnet to the IP address assigned to you by the DHCP over the VPN? And are all the IP addresses you can ping ones you are testing within the same subnet as the assigned address subnet on the VPN?

You need a valid default gateway to access resources that exist on another network, and your NIC needs to know where to route packets outside the local subnet; this is why we need the DG.

Please advise.
forzaaw (Author) Commented:
Hello,

Yes the IP address I am being assigned is from the correct range. i.e. I get 192.168.26.100 and I can ping addresses on my work network such as 192.168.26.7 which is what I would expect. However I cannot ping 192.168.26.5 which is my DC/DHCP/DNS server, Windows 2003. Not being able to communicate with this obviously means no DNS for the remote (work/office) network... which is a problem.

Please advise.
Bertling Commented:
I take it you have a 24 bit SN mask (255.255.255.0)?

So when you connect to your VPN client, you can ping internal IP addresses but not the DNS, DHCP, etc.?
forzaaw (Author) Commented:
Hi,

I have taken results from an IPCONFIG /ALL both when I'm normally connected to our internal network, and what it looks like when I am dialled in. I have **** out certain parts for privacy. I do think the PPP/VPN adapter results are incorrect but I may be wrong.

I use DHCP Relay on routing and remote access server for remote clients DHCP and it appears to be dishing out addresses etc looking at this.

The really odd thing is that this seems to be intermittent.

Thanks in advance for response, see below for IPCONFIG /ALL results:

When connected to network normally:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : LAP***********
   Primary Dns Suffix  . . . . . . . : ****net.com
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ****net.com


Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : ****net.com
   Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AGN
   Physical Address. . . . . . . . . : 00-1F-3B-6C-DF-3B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::cc9d:850e:ae14:4f61%9(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.26.50(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 2008-09-03 11:20
   Lease Expires . . . . . . . . . . : 2008-09-11 11:20
   Default Gateway . . . . . . . . . : 192.168.26.1
   DHCP Server . . . . . . . . . . . : 192.168.26.5
   DNS Servers . . . . . . . . . . . : 192.168.26.5
   NetBIOS over Tcpip. . . . . . . . : Enabled






When dialled in via VPN:


Windows IP Configuration

   Host Name . . . . . . . . . . . . : LAP********
   Primary Dns Suffix  . . . . . . . : ****net.com
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ****net.com
                                       gateway.2wire.net

PPP adapter Forza:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : F****
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.26.29(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 192.168.26.5
   NetBIOS over Tcpip. . . . . . . . : Enabled


Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AGN
   Physical Address. . . . . . . . . : 00-1F-3B-6C-DF-3B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::cc9d:850e:ae14:4f61%9(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 2008-09-03 11:42
   Lease Expires . . . . . . . . . . : 2008-09-04 11:42
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
Bertling Commented:
I believe it's because your DG is 0.0.0.0. Is there a setting in your VPN server to set the default route as your local gateway or something like that?

Please also advise this:
When you are connected via VPN, can you ping any internal 192.168.26.x address, apart from the IP address the VPN server gives you?
forzaaw (Author) Commented:
There is an option in Windows which allows you to choose whether or not you use the dfgw of the remote network. With this ticked or unticked I get the same problem, but slightly different IPCONFIG /ALL results:

 Connection-specific DNS Suffix  . : ****net.com
 Description . . . . . . . . . . . : Forza
 Physical Address. . . . . . . . . :
 DHCP Enabled. . . . . . . . . . . : No
 Autoconfiguration Enabled . . . . : Yes
 IPv4 Address. . . . . . . . . . . : 192.168.26.28(Preferred)
 Subnet Mask . . . . . . . . . . . : 255.255.255.255
 Default Gateway . . . . . . . . . :
 DNS Servers . . . . . . . . . . . : 192.168.26.5
                                     192.168.26.5
 NetBIOS over Tcpip. . . . . . . . : Enabled

When connected by VPN I can ping EVERYTHING except the DC/DHCP/DNS server, 192.168.26.5, but only by IP, obviously because I can't communicate with the DNS server.
Bertling Commented:
Is there any firewall behind the DC/DHCP/DNS? Or have they got the firewall enabled to block ICMP ping?

Also, are all the servers and all the other network devices you can ping connected to the same switched network and not separated in any way?
forzaaw (Author) Commented:
Hello,

No, the only firewall is the external one; the server can be pinged fine when I'm connected to the LAN, so this is not the issue. All other servers are connected to the core switch, and I can ping them fine, and anything which is on all other connected switches pings fine.
forzaaw (Author) Commented:
Anybody got any ideas???
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.