Solved

RRAS VPN in Windows 2008 can only ping one way

Posted on 2008-10-08
Last Modified: 2012-05-05
I have RRAS set up on Windows 2008 servers in the following way:

ServerA
- In LocationA
- LAN NIC: 192.168.0.210      
- WAN NIC: public IP 1 (static)
- Domain Controller with RRAS set as VPN and NAT, giving out IPs manually from 192.168.0.50 to .99

ServerB
- In LocationB
- LAN NIC: 192.168.10.13
- WAN NIC: public IP 2 (dynamic with DDNS)
- Domain Controller with RRAS set as VPN and NAT, giving out IPs manually from 192.168.10.100 to .199

ServerC
- In LocationC
- LAN NIC: 10.10.10.19
- WAN NIC: public IP 3 (Static)
- Domain Member with RRAS set as VPN and NAT, giving out IPs manually from 10.10.10.100 to .199

The RRAS is set up with ServerA as the main server, with domain dial accounts for servers B and C.
Servers B and C will successfully connect to ServerA, and at this point I can then ping them on their subnets, i.e. I can ping 10.10.10.19 and 192.168.10.13 from ServerA; however, they cannot ping me back at ServerA.

NOTE: At one point I was reconfiguring the RRAS on ServerA, and for a few minutes B and C connected and could ping A, but at that time A could not ping them back, almost like it's only a one-way connection.

Thanks in advance for any assistance!

Question by:jdroger2

Author Comment

by:jdroger2
ID: 22670928
Also, I can run \\192.168.0.210 from servers B and C and it will let me access the files on ServerA. Cannot ping, though.

Expert Comment

by:ifmtech
ID: 22671282
If you are able to access ServerA from B and C via a UNC path "\\192.168.0.210", then it would appear that you are able to successfully establish a connection. Is there a firewall in between, or one configured on ServerA, that might be blocking ICMP traffic?

Author Comment

by:jdroger2
ID: 22671763
There are no firewalls except Windows Firewall on ServerA. It is on, but I don't know that it blocks VPN traffic; I thought that was not filtered. Am I wrong about this?

Author Comment

by:jdroger2
ID: 22671793
I do also have RRAS server doing NAT.

Accepted Solution

by:
ifmtech earned 500 total points
ID: 22672257
No, it does not filter VPN traffic by default, but it does block ICMP traffic by default, which would block incoming ping requests. Try opening the Windows Firewall, go to the Advanced tab, and click on the first Settings button under Network Connection Settings. Then click on the ICMP tab and check the box that says "Allow incoming echo request". See if you can ping the machine after that. If you can, then it is the firewall blocking it.
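
On Windows Server 2008 the inbound ICMP setting is managed through Windows Firewall with Advanced Security, which can be scripted with `netsh advfirewall`. The following is an added example, not part of the original posts: it allows inbound ICMPv4 echo requests on ServerA only from the VPN peers instead of from any address. The rule name, the /24 masks for the remote LANs and the use of ServerA's VPN address pool as a source range are assumptions derived from the addresses in the question.

```bat
@echo off
rem Added example: run from an elevated command prompt on ServerA (Windows Server 2008).
rem Allows inbound ping (ICMPv4 type 8) only from the VPN peers, not from every source.

rem Hypothetical rule name chosen for this example.
set RULE=Allow ICMPv4 echo request from VPN peers

rem ASSUMPTION: source addresses taken from the question.
rem   192.168.0.50-192.168.0.99  = addresses ServerA hands out to dial-in connections
rem   192.168.10.0/24            = LocationB LAN (mask assumed)
rem   10.10.10.0/24              = LocationC LAN (mask assumed)
set PEERS=192.168.0.50-192.168.0.99,192.168.10.0/24,10.10.10.0/24

rem Show which firewall profile is active and whether the firewall is on.
netsh advfirewall show currentprofile

rem Remove an earlier copy of the rule so a re-run does not create duplicates.
netsh advfirewall firewall delete rule name="%RULE%" >nul 2>&1

rem Inbound allow rule: ICMPv4 type 8 (echo request), any code, limited to the peers.
netsh advfirewall firewall add rule name="%RULE%" dir=in action=allow protocol=icmpv4:8,any remoteip=%PEERS% profile=any
if errorlevel 1 (
    echo Could not add the rule. Check that this prompt is elevated.
    exit /b 1
)

rem Print the rule as stored so the scope can be reviewed.
netsh advfirewall firewall show rule name="%RULE%"
```

After the rule is in place, repeat the ping from ServerB and ServerC to 192.168.0.210; if it still fails, the firewall is not the cause and the RRAS routing and NAT configuration is the next place to look.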

Author Comment

by:jdroger2
ID: 22739751
I'm not finding these settings in the Windows Firewall in Windows 2008. Are you talking about 2003?

Author Comment

by:jdroger2
ID: 22739871
I have stepped back a little on my VPN situation to consider all the options, and I have posted another question here if you are interested:

http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/VPN/Q_23823548.html
Question has a verified solution.
