[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

RRAS VPN in Windows 2008 can only ping one way

Posted on 2008-10-08
7
Medium Priority
?
928 Views
Last Modified: 2012-05-05
I have RRAS setup on windows 2008 servers in the following way

ServerA
- In LocationA
- LAN NIC: 192.168.0.210      
- WAN NIC: public IP 1 (static)
- Domain Controller with RRAS set as VPN and NAT giving out ips manually from 192.168.0.50 to .99

ServerB
- In LocationB
- LAN NIC: 192.168.10.13
- WAN NIC: public IP 2 (dynamic with DDNS)
- Domain Controller with RRAS set as VPN and NAT giving out ips manually from 192.168.10.100 to .199

ServerC
- In LocationC
- LAN NIC: 10.10.10.19
- WAN NIC: public IP 3 (Static)
- Domain Member with TTAS set as VPN and NAT giving out ips manually from 10.10.10.100 to .199

the RRAS is setup with serverA as the main server, with domain dial accounts for servers B and C
servers B and C will successfully connect to serverA, and at this point I can then ping them on their subnets, ie I can ping 10.10.10.19 and 192.168.10.13 from serverA; however they cannot ping me back at serverA.  

NOTE: at one point I was reconfiguring the RRAS on serverA and for a few minutes B and C connected and could ping A but at that time A could not ping them back, almost like its only a one way connection.

Thanks in advance for any assistance!

0
Comment
Question by:jdroger2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
7 Comments
 
LVL 1

Author Comment

by:jdroger2
ID: 22670928
also, I can run \\192.168.0.210 from servers B and C and it will let me access the files on servera.  cannot ping though.
0
 
LVL 1

Expert Comment

by:ifmtech
ID: 22671282
If you are able to access ServerA from B and C via a UNC path "\\192.168.0.210"  Then it would appear that you are able to successfully establish a connection.  Is there a firewall in between or one configured on ServerA that might be blocking ICMP traffic?
0
 
LVL 1

Author Comment

by:jdroger2
ID: 22671763
There are no firewalls except windows firewall on serverA.  It is on, but I dont know that it blocks VPN traffic, I thought that was not filtered.  am I wrong about this?
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 1

Author Comment

by:jdroger2
ID: 22671793
I do also have RRAS server doing NAT.
0
 
LVL 1

Accepted Solution

by:
ifmtech earned 2000 total points
ID: 22672257
No it does not filter VPN traffic by default but it does block ICMP traffic by default which would block incoming ping requests.  Try opening the windows firewall, go to the Advanced Tab, click on the first Settings button under Network Connection Settings.  Then click on the ICMP tab and check the box that says "Allow incoming echo request".  See if you can ping the machine after that.  If you can then it is the firewall blocking it.  
0
 
LVL 1

Author Comment

by:jdroger2
ID: 22739751
I'm not finding these settings in the windows firewall in windows 2008 - are you talking about 2003?
0
 
LVL 1

Author Comment

by:jdroger2
ID: 22739871
I have stepped back a little on my vpn situation to consider all the options, and I have posted another question here if you are interested:

http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/VPN/Q_23823548.html
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question