[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 936
  • Last Modified:

RRAS VPN in Windows 2008 can only ping one way

I have RRAS setup on windows 2008 servers in the following way

ServerA
- In LocationA
- LAN NIC: 192.168.0.210      
- WAN NIC: public IP 1 (static)
- Domain Controller with RRAS set as VPN and NAT giving out ips manually from 192.168.0.50 to .99

ServerB
- In LocationB
- LAN NIC: 192.168.10.13
- WAN NIC: public IP 2 (dynamic with DDNS)
- Domain Controller with RRAS set as VPN and NAT giving out ips manually from 192.168.10.100 to .199

ServerC
- In LocationC
- LAN NIC: 10.10.10.19
- WAN NIC: public IP 3 (Static)
- Domain Member with TTAS set as VPN and NAT giving out ips manually from 10.10.10.100 to .199

the RRAS is setup with serverA as the main server, with domain dial accounts for servers B and C
servers B and C will successfully connect to serverA, and at this point I can then ping them on their subnets, ie I can ping 10.10.10.19 and 192.168.10.13 from serverA; however they cannot ping me back at serverA.  

NOTE: at one point I was reconfiguring the RRAS on serverA and for a few minutes B and C connected and could ping A but at that time A could not ping them back, almost like its only a one way connection.

Thanks in advance for any assistance!

0
jdroger2
Asked:
jdroger2
  • 5
  • 2
1 Solution
 
jdroger2Author Commented:
also, I can run \\192.168.0.210 from servers B and C and it will let me access the files on servera.  cannot ping though.
0
 
ifmtechCommented:
If you are able to access ServerA from B and C via a UNC path "\\192.168.0.210"  Then it would appear that you are able to successfully establish a connection.  Is there a firewall in between or one configured on ServerA that might be blocking ICMP traffic?
0
 
jdroger2Author Commented:
There are no firewalls except windows firewall on serverA.  It is on, but I dont know that it blocks VPN traffic, I thought that was not filtered.  am I wrong about this?
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
jdroger2Author Commented:
I do also have RRAS server doing NAT.
0
 
ifmtechCommented:
No it does not filter VPN traffic by default but it does block ICMP traffic by default which would block incoming ping requests.  Try opening the windows firewall, go to the Advanced Tab, click on the first Settings button under Network Connection Settings.  Then click on the ICMP tab and check the box that says "Allow incoming echo request".  See if you can ping the machine after that.  If you can then it is the firewall blocking it.  
0
 
jdroger2Author Commented:
I'm not finding these settings in the windows firewall in windows 2008 - are you talking about 2003?
0
 
jdroger2Author Commented:
I have stepped back a little on my vpn situation to consider all the options, and I have posted another question here if you are interested:

http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/VPN/Q_23823548.html
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now