asked on

Server cannot be accessed over VPN (all others can)

Hello,

Our branch offices are connected over a site-to-site VPN to our HQ. We have just set up a new VPN to our office in Oslo. So far everything is working fine (other than riverbed, but thats another story). RDP and file access back to the office is working fine. That is, for all servers except one. The server which is not working is a windows server 2003, with sharepoint, but is not yet in production. This server can ping/RDP into any server on the other branch offices, the servers at the branch offices can also connect back to it. However, nothing in our Oslo office can ping the sharepoint server, and the sharepoint server cannot ping them. DNS resolves names correctly, but doesn't ping. Pinging by IP address also doesn't work. I really don't know what to try?

Any help you guys could offer would be much appreciated.

Thanks
Daniel

Ireland18

It's not sitting in a seperate DMZ is it?

danieno8

ASKER

no just on the inside interface like the rest

kdyresen

is it one the same IP range as the rest of the servers? if not, are the IP net routed through the VPN?

If you do a traceroute from both sides, where do it stop?

danieno8

ASKER

yes, they it is on the internal network with a statically assigned address from the 10.10.0.0/24 range.

like i said, server can be accessed over the other VPN's, just not the new one.

tracert just times out. when doing tracert from my desktop which can access the oslo side just hops straight to 10.12.0.0:

H:\>tracert 10.12.0.50

Tracing route to 10.12.0.50 over a maximum of 30 hops

1 64 ms 62 ms 69 ms 10.12.0.50

Trace complete.

Thanks for the replies.

Daniel

kdyresen

are the server on the 10.10.0.0/24 net or the 10.12.0.0 net? and are both these IP nets reachable for both sides?

danieno8

ASKER

10.10.0.0/24 is the inside network for our HQ

10.12.0.0/24 is the Oslo inside network.

both networks are reachable in both directions. Except our sharepoint server (on the 10.10.0.0/24 inside network).

However, this server can access and be accessed by our other sites.

Thanks
Daniel

kdyresen

Can you do a traceroute from your computer to a server you can reach on the 10.12.0.0/24 network, and a traceroute to the server you cant reach?

So we can see if the traffic gets to where it should

danieno8

ASKER

H:\>tracert 10.12.0.50

Tracing route to 10.12.0.50 over a maximum of 30 hops

1 63 ms 62 ms 62 ms 10.12.0.50

Trace complete.

H:\>tracert 10.10.0.15

Tracing route to abzsp01.sci.local [10.10.0.15]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms abzsp01.sci.local [10.10.0.15]

Trace complete.

H:\>

Did both from my PC (my PC is on the inside with the server which cannot get to 10.12.0.0/24

Thanks
Daniel

kdyresen

one more thing. Have you checked that this server you cant reach have the right gateway IP? (check up with the server you can reach)

danieno8

ASKER

yes all IP settings are correct...

One thing i have just thought to add is this server is a VM running on ESX 3. However, on this ESX server there are two other VM's configured the same way which are not having any problems.

Thanks
Daniel

kdyresen

Im out of suggestions then, unless there are some firewall software installed on this server (like the internal FW for windows) that are causing this issue.

ThorSG1

Is windows firewall enabled?

danieno8

ASKER

Thanks for trying!!

Daniel

danieno8

ASKER

nope no windows FW (this server is accessible from our other LAN's over site-to-site VPN)

ASKER CERTIFIED SOLUTION

kdyresen

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

danieno8

ASKER

H:\>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 14 38 bc ea 04 ...... HP NC7782 Gigabit Server Adapter #2
0x10004 ...00 14 38 bc ea 05 ...... HP NC7782 Gigabit Server Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.10.0.1 10.10.0.76 10
0.0.0.0 0.0.0.0 10.10.0.1 10.10.0.39 10
10.10.0.0 255.255.255.0 10.10.0.39 10.10.0.39 10
10.10.0.0 255.255.255.0 10.10.0.76 10.10.0.76 10
10.10.0.39 255.255.255.255 127.0.0.1 127.0.0.1 10
10.10.0.76 255.255.255.255 127.0.0.1 127.0.0.1 10
10.255.255.255 255.255.255.255 10.10.0.39 10.10.0.39 10
10.255.255.255 255.255.255.255 10.10.0.76 10.10.0.76 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.10.0.39 10.10.0.39 10
224.0.0.0 240.0.0.0 10.10.0.76 10.10.0.76 10
255.255.255.255 255.255.255.255 10.10.0.39 10.10.0.39 1
255.255.255.255 255.255.255.255 10.10.0.76 10.10.0.76 1
Default Gateway: 10.10.0.1
===========================================================================
Persistent Routes:
None

H:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : abzsps01
Primary Dns Suffix . . . . . . . : sci.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : sci.local

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : sci.local
Description . . . . . . . . . . . : HP NC7782 Gigabit Server Adapter #2
Physical Address. . . . . . . . . : 00-14-38-BC-EA-04
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.10.0.76
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.0.1
DHCP Server . . . . . . . . . . . : 10.10.0.29
DNS Servers . . . . . . . . . . . : 10.10.0.29
Lease Obtained. . . . . . . . . . : 29 October 2008 12:53:23
Lease Expires . . . . . . . . . . : 06 November 2008 12:53:23

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC7782 Gigabit Server Adapter
Physical Address. . . . . . . . . : 00-14-38-BC-EA-05
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.0.39
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.0.1
DNS Servers . . . . . . . . . . . : 10.10.0.29
10.0.0.1

H:\>

does that look right to you?

Thanks
Daniel

kdyresen

it have 2 IPs?

are both unreachable?

danieno8

ASKER

Sorry, that ws done from our other sharepoint by accident!

H:\>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 0c 29 46 db 8b ...... VMware Accelerated AMD PCNet Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.10.0.1 10.10.0.15 10
10.10.0.0 255.255.255.0 10.10.0.15 10.10.0.15 10
10.10.0.15 255.255.255.255 127.0.0.1 127.0.0.1 10
10.12.0.0 255.255.255.0 10.10.0.254 10.10.0.15 1
10.255.255.255 255.255.255.255 10.10.0.15 10.10.0.15 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.10.0.15 10.10.0.15 10
255.255.255.255 255.255.255.255 10.10.0.15 10.10.0.15 1
Default Gateway: 10.10.0.1
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
10.12.0.0 255.255.255.0 10.10.0.254 1

This persistent route is perhaps the cause, as gateway should not be 254......how does a persistent route get in there? is it manually added?

Thanks
Daniel

danieno8

ASKER

that is it fixed now. I do not know why there was a persistent route added but thank you for having me check it!!!

Daniel

danieno8

ASKER

Thank you!!!!!

I believe this route was added by contractors when they were in setting up this server! and never mentioned!

Daniel