Solved

RRAS VPN in Windows 2008 can only ping one way

Posted on 2008-10-08
Last Modified: 2012-05-05
I have RRAS set up on Windows 2008 servers in the following way:

ServerA
- In LocationA
- LAN NIC: 192.168.0.210
- WAN NIC: public IP 1 (static)
- Domain Controller with RRAS set as VPN and NAT, giving out IPs manually from 192.168.0.50 to .99

ServerB
- In LocationB
- LAN NIC: 192.168.10.13
- WAN NIC: public IP 2 (dynamic with DDNS)
- Domain Controller with RRAS set as VPN and NAT, giving out IPs manually from 192.168.10.100 to .199

ServerC
- In LocationC
- LAN NIC: 10.10.10.19
- WAN NIC: public IP 3 (static)
- Domain Member with RRAS set as VPN and NAT, giving out IPs manually from 10.10.10.100 to .199

The RRAS is set up with ServerA as the main server, with domain dial accounts for servers B and C.
Servers B and C will successfully connect to ServerA, and at this point I can then ping them on their subnets, i.e. I can ping 10.10.10.19 and 192.168.10.13 from ServerA; however, they cannot ping me back at ServerA.

NOTE: at one point I was reconfiguring the RRAS on ServerA and for a few minutes B and C connected and could ping A, but at that time A could not ping them back, almost like it's only a one-way connection.

Thanks in advance for any assistance!

Question by:jdroger2
7 Comments
 
LVL 1

Author Comment

by:jdroger2
ID: 22670928
Also, I can run \\192.168.0.210 from servers B and C and it will let me access the files on ServerA. Cannot ping, though.
0
 
LVL 1

Expert Comment

by:ifmtech
ID: 22671282
If you are able to access ServerA from B and C via a UNC path "\\192.168.0.210", then it would appear that you are able to successfully establish a connection. Is there a firewall in between, or one configured on ServerA, that might be blocking ICMP traffic?
0
 
LVL 1

Author Comment

by:jdroger2
ID: 22671763
There are no firewalls except Windows Firewall on ServerA. It is on, but I don't know that it blocks VPN traffic; I thought that was not filtered. Am I wrong about this?
0

 
LVL 1

Author Comment

by:jdroger2
ID: 22671793
I do also have RRAS server doing NAT.
0
 
LVL 1

Accepted Solution

by:
ifmtech earned 500 total points
ID: 22672257
No, it does not filter VPN traffic by default, but it does block ICMP traffic by default, which would block incoming ping requests. Try opening the Windows Firewall, go to the Advanced tab, and click on the first Settings button under Network Connection Settings. Then click on the ICMP tab and check the box that says "Allow incoming echo request". See if you can ping the machine after that. If you can, then it is the firewall blocking it.
0
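On Windows Server 2008 the equivalent setting can be applied from the command line with `netsh advfirewall`. The following is an added example, not part of the original thread: it allows inbound ICMPv4 echo requests on ServerA only from the VPN address pool and the two remote LANs given in the question. The rule name and the /24 masks are assumptions.

```powershell
# Added example: scoped ICMPv4 echo-request rule for ServerA (Windows Server 2008).
# Run from an elevated PowerShell prompt.

# Arbitrary label for the rule (assumption; no spaces, to avoid quoting issues).
$ruleName = 'Allow-ICMPv4-Echo-From-VPN-Sites'

# Permitted sources, built from the addresses in the question:
#   - ServerA's VPN pool (dial-in servers may source pings from their assigned address)
#   - the LANs behind ServerB and ServerC (the /24 masks are assumed, not stated in the post)
$remoteSources = '192.168.0.50-192.168.0.99,192.168.10.0/24,10.10.10.0/24'

# Show which firewall profiles are enabled before changing anything.
netsh advfirewall show allprofiles state

# Remove any earlier copy of the rule so the script can be re-run safely.
netsh advfirewall firewall delete rule "name=$ruleName" | Out-Null

# Allow inbound echo request (ICMPv4 type 8, any code) from the listed sources only.
# Arguments containing commas are quoted so PowerShell passes each as one argument.
netsh advfirewall firewall add rule "name=$ruleName" dir=in action=allow `
    "protocol=icmpv4:8,any" "remoteip=$remoteSources"
if ($LASTEXITCODE -ne 0) {
    throw "netsh could not add the rule (exit code $LASTEXITCODE)"
}

# Confirm what was created, including the remote address scope.
netsh advfirewall firewall show rule "name=$ruleName" verbose
```

Restricting `remoteip` keeps ServerA from answering pings arriving on its public interface, which an unscoped echo-request rule would permit.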
 
LVL 1

Author Comment

by:jdroger2
ID: 22739751
I'm not finding these settings in the Windows Firewall in Windows 2008 - are you talking about 2003?
0
 
LVL 1

Author Comment

by:jdroger2
ID: 22739871
I have stepped back a little on my VPN situation to consider all the options, and I have posted another question here if you are interested:

http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/VPN/Q_23823548.html
0
