Solved

RRAS VPN in Windows 2008 can only ping one way

Posted on 2008-10-08
Last Modified: 2012-05-05
I have RRAS set up on Windows 2008 servers in the following way:

ServerA
- In LocationA
- LAN NIC: 192.168.0.210      
- WAN NIC: public IP 1 (static)
- Domain Controller with RRAS set as VPN and NAT giving out IPs manually from 192.168.0.50 to .99

ServerB
- In LocationB
- LAN NIC: 192.168.10.13
- WAN NIC: public IP 2 (dynamic with DDNS)
- Domain Controller with RRAS set as VPN and NAT giving out IPs manually from 192.168.10.100 to .199

ServerC
- In LocationC
- LAN NIC: 10.10.10.19
- WAN NIC: public IP 3 (Static)
- Domain Member with RRAS set as VPN and NAT giving out IPs manually from 10.10.10.100 to .199

The RRAS is set up with ServerA as the main server, with domain dial accounts for servers B and C.
Servers B and C will successfully connect to ServerA, and at this point I can then ping them on their subnets, i.e. I can ping 10.10.10.19 and 192.168.10.13 from ServerA; however, they cannot ping me back at ServerA.

NOTE: At one point I was reconfiguring the RRAS on ServerA and for a few minutes B and C connected and could ping A, but at that time A could not ping them back, almost like it's only a one-way connection.

Thanks in advance for any assistance!

Question by:jdroger2

Author Comment

by:jdroger2
ID: 22670928
Also, I can run \\192.168.0.210 from servers B and C and it will let me access the files on ServerA. Cannot ping, though.

Expert Comment

by:ifmtech
ID: 22671282
If you are able to access ServerA from B and C via a UNC path "\\192.168.0.210", then it would appear that you are able to successfully establish a connection. Is there a firewall in between or one configured on ServerA that might be blocking ICMP traffic?

Author Comment

by:jdroger2
ID: 22671763
There are no firewalls except Windows Firewall on ServerA. It is on, but I don't know that it blocks VPN traffic; I thought that was not filtered. Am I wrong about this?

Author Comment

by:jdroger2
ID: 22671793
I do also have RRAS server doing NAT.

Accepted Solution

by:
ifmtech earned 500 total points
ID: 22672257
No, it does not filter VPN traffic by default, but it does block ICMP traffic by default, which would block incoming ping requests. Try opening the Windows Firewall, go to the Advanced tab, and click on the first Settings button under Network Connection Settings. Then click on the ICMP tab and check the box that says "Allow incoming echo request". See if you can ping the machine after that. If you can, then it is the firewall blocking it.
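
On Windows Server 2008 the inbound echo-request allowance can be created from the command line with `netsh advfirewall`. The batch script below is an added example, not part of the thread: run on ServerA, it allows ICMPv4 echo requests only from the VPN-related ranges in the question rather than from any source. The rule name and the /24 masks for the remote LANs are assumptions.

```batch
@echo off
rem Added example, not from the thread. Run on ServerA from an elevated prompt.
rem Assumptions: the rule name is hypothetical; /24 masks are assumed for the
rem ServerB and ServerC LANs, which the question does not state.
setlocal
set "RULE=Allow ICMPv4 echo from VPN sites"

rem Sources permitted to ping ServerA:
rem   192.168.0.50-192.168.0.99  addresses ServerA's RRAS hands to dial-in connections
rem   192.168.10.0/24            ServerB LAN (mask assumed)
rem   10.10.10.0/24              ServerC LAN (mask assumed)
set "SOURCES=192.168.0.50-192.168.0.99,192.168.10.0/24,10.10.10.0/24"

rem Remove any earlier copy so re-running does not stack duplicate rules.
netsh advfirewall firewall delete rule name="%RULE%" >nul 2>&1

rem ICMPv4 type 8 is echo request; "any" matches any code.
rem remoteip keeps the allowance to the listed sources instead of every host.
netsh advfirewall firewall add rule name="%RULE%" dir=in action=allow ^
    protocol=icmpv4:8,any remoteip=%SOURCES% profile=any
if errorlevel 1 (
    echo Failed to add the rule. Check that the prompt is elevated.
    exit /b 1
)

rem Print the rule as stored so the scope can be checked.
netsh advfirewall firewall show rule name="%RULE%" verbose
endlocal
```

If pings from B and C succeed once the rule is in place, the firewall on ServerA was dropping the echo requests; deleting the rule by name restores the previous state.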

Author Comment

by:jdroger2
ID: 22739751
I'm not finding these settings in the Windows Firewall in Windows 2008 - are you talking about 2003?

Author Comment

by:jdroger2
ID: 22739871
I have stepped back a little on my VPN situation to consider all the options, and I have posted another question here if you are interested:

http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/VPN/Q_23823548.html