forzaaw
asked on
When connected via Microsoft VPN, cannot ping Domain controller/DHCP/DNS Server, but can ping everything else by IP
Hello,
I have asked a similar question to this before and thought the problem was resolved but it seems to be still here. This problem is doing my head in now!
I have a routing and remote access server set up for remote access; that's its only use, nothing else. I have one of its interfaces set up for the internal network, and the other set up the same but with a different IP. I then have a Cisco router which port forwards the VPN port to 192.168.26.161 (the 2nd interface of the routing and remote access server). This interface is set up with default gateway, DNS etc.
In routing and remote access I have 192.168.26.161 as the interface connected to the internet, and have created an access rule for a group in Active Directory to access this, and this authenticates users correctly.
On each machine I set up the VPN on, I have it set up so they use the remote network's default gateway. On the server I also have it set up to use DHCP relay to my DHCP server/DNS Domain controller server (192.168.26.5).
Now when I connect it authenticates me fine and the other users I set up.
Now strangely I cannot ping 192.168.26.5, but I can ping all other internal addresses. I cannot ping by name, obviously because I cannot communicate with DNS server (192.168.26.5).
Sometimes it seems to work, and others it doesn't... and it's really starting to make me tear my hair out now!
Additionally, and I am not sure this has anything to do with anything, I get a dfgw of 0.0.0.0 on my laptop when I do IPCONFIG /ALL... everything else looks correct so DHCP is working ok.
Everything on my internal network works fine, and there are no glaringly obvious messages in the event logs of either my routing and remote access server, or the domain controller...
Any help with this is VERY appreciated!
ASKER
Hello,
Yes the IP address I am being assigned is from the correct range. i.e. I get 192.168.26.100 and I can ping addresses on my work network such as 192.168.26.7 which is what I would expect. However I cannot ping 192.168.26.5 which is my DC/DHCP/DNS server, Windows 2003. Not being able to communicate with this obviously means no DNS for the remote (work/office) network... which is a problem.
Please advise.
I take it you have a 24-bit SN mask (255.255.255.0)?
So when you connect to your VPN client, you can ping internal IP addresses but not the DNS, DHCP etc.?
ASKER
Hi,
I have taken results from an IPCONFIG /ALL both when I'm normally connected to our internal network, and what it looks like when I am dialled in. I have **** out certain parts for privacy. I do think the PPP/VPN adapter results are incorrect but I may be wrong.
I use DHCP Relay on routing and remote access server for remote clients' DHCP and it appears to be dishing out addresses etc. looking at this.
The really odd thing is that this seems to be intermittent.
Thanks in advance for response, see below for IPCONFIG /ALL results:
When connected to network normally:
Windows IP Configuration
Host Name . . . . . . . . . . . . : LAP***********
Primary Dns Suffix . . . . . . . : ****net.com
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ****net.com
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : ****net.com
Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-1F-3B-6C-DF-3B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::cc9d:850e:ae14:4f61%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.26.50(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 2008-09-03 11:20
Lease Expires . . . . . . . . . . : 2008-09-11 11:20
Default Gateway . . . . . . . . . : 192.168.26.1
DHCP Server . . . . . . . . . . . : 192.168.26.5
DNS Servers . . . . . . . . . . . : 192.168.26.5
NetBIOS over Tcpip. . . . . . . . : Enabled
When dialled in via VPN:
Windows IP Configuration
Host Name . . . . . . . . . . . . : LAP********
Primary Dns Suffix . . . . . . . : ****net.com
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ****net.com
gateway.2wire.net
PPP adapter Forza:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : F****
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.26.29(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 192.168.26.5
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-1F-3B-6C-DF-3B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::cc9d:850e:ae14:4f61%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 2008-09-03 11:42
Lease Expires . . . . . . . . . . : 2008-09-04 11:42
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled
I believe it's because your DG is 0.0.0.0. Is there a setting in your VPN server to set the default route as your local gateway or something like that?
Please also advise this:
When you are connected via VPN, can you ping any internal 192.168.26.x address, apart from the IP address the VPN server gives you?
ASKER
There is an option in Windows which allows you to choose whether or not you use the dfgw of the remote network. With this ticked or unticked I get the same problem, but slightly different IPCONFIG /ALL results:
Connection-specific DNS Suffix . : ****net.com
Description . . . . . . . . . . . : Forza
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.26.28(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.26.5
192.168.26.5
NetBIOS over Tcpip. . . . . . . . : Enabled
When connected by VPN I can ping EVERYTHING except the DC/DHCP/DNS server, 192.168.26.5, but only by IP, obviously because I can't communicate with the DNS server.
Is there any firewall behind the DC/DHCP/DNS? Or have they got the firewall enabled to block ICMP ping?
Also, are all the servers and all the other network devices you can ping connected to the same switched network and not separated in any way?
ASKER
Hello,
No, the only firewall is the external; the server can be pinged fine when I'm connected to the LAN, so this is not the issue. All other servers are connected to the core switch, and I can ping them fine, and anything which is on all other connected switches pings fine.
You need a valid default gateway to access resources that exist on another network, and your NIC needs to know where to route packets outside the local subnet; this is why we need the DG.
Please advise.
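
The default-gateway and route reasoning in the replies above, worked through as an added example (not part of the original thread): a longest-prefix-match lookup over two constructed routing tables, one for each state of the client's "use default gateway on remote network" option. The table entries, metrics and the class-based 192.168.26.0/24 route are assumptions modelled on the IPCONFIG output in the thread.

```python
import ipaddress

# Constructed routing tables modelled on the addresses in this thread.
# Each entry: (destination prefix, interface, metric). Metrics are illustrative.
GW_OPTION_ON = [
    ("0.0.0.0/0",        "wifi", 4250),  # home router default, deprioritised
    ("0.0.0.0/0",        "ppp",  26),    # default route pushed into the tunnel
    ("192.168.1.0/24",   "wifi", 281),   # home LAN, on-link
    ("192.168.26.29/32", "ppp",  281),   # address assigned to the PPP adapter
]
GW_OPTION_OFF = [
    ("0.0.0.0/0",        "wifi", 25),    # home router stays the default
    ("192.168.1.0/24",   "wifi", 281),
    ("192.168.26.0/24",  "ppp",  26),    # assumed class-based route for the VPN
    ("192.168.26.28/32", "ppp",  281),
]

def best_route(table, dest):
    """Return (prefix, interface) chosen by longest-prefix match, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    candidates = [(ipaddress.ip_network(p), iface, metric)
                  for p, iface, metric in table
                  if ip in ipaddress.ip_network(p)]
    if not candidates:
        return None  # no matching route: destination unreachable
    net, iface, _ = max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))
    return (str(net), iface)

def compare(dests):
    """Map each destination to its route under both VPN gateway settings."""
    return {d: {"on": best_route(GW_OPTION_ON, d),
                "off": best_route(GW_OPTION_OFF, d)} for d in dests}

if __name__ == "__main__":
    # 192.168.26.5 (DC/DNS) and 192.168.26.7 (another LAN host) come from the
    # thread; 203.0.113.10 is a constructed Internet address.
    targets = ["192.168.26.5", "192.168.26.7", "203.0.113.10"]
    for dest, routes in compare(targets).items():
        print(dest, routes)
```

On a real client, `route print` shows the actual table, which can be put through the same comparison for a working and a failing session.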