Solved

Server cannot be accessed over VPN (all others can)

Posted on 2008-10-30
20
315 Views
Last Modified: 2012-05-05
Hello,

Our branch offices are connected over a site-to-site VPN to our HQ. We have just set up a new VPN to our office in Oslo. So far everything is working fine (other than riverbed, but thats another story). RDP and file access back to the office is working fine. That is, for all servers except one. The server which is not working is a windows server 2003, with sharepoint, but is not yet in production. This server can ping/RDP into any server on the other branch offices, the servers at the branch offices can also connect back to it. However, nothing in our Oslo office can ping the sharepoint server, and the sharepoint server cannot ping them. DNS resolves names correctly, but doesn't ping. Pinging by IP address also doesn't work. I really don't know what to try?

Any help you guys could offer would be much appreciated.

Thanks
Daniel
0
Comment
Question by:danieno8
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
20 Comments
 

Expert Comment

by:Ireland18
ID: 22839284
It's not sitting in a seperate DMZ is it?
0
 

Author Comment

by:danieno8
ID: 22839313
no just on the inside interface like the rest
0
 
LVL 1

Expert Comment

by:kdyresen
ID: 22839365
is it one the same IP range as the rest of the servers? if not, are the IP net routed through the VPN?

If you do a traceroute from both sides, where do it stop?
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 

Author Comment

by:danieno8
ID: 22839460
yes, they it is on the internal network with a statically assigned address from the 10.10.0.0/24 range.

like i said, server can be accessed over the other VPN's, just not the new one.

tracert just times out. when doing tracert from my desktop which can access the oslo side just hops straight to 10.12.0.0:

H:\>tracert 10.12.0.50

Tracing route to 10.12.0.50 over a maximum of 30 hops

  1    64 ms    62 ms    69 ms  10.12.0.50

Trace complete.

Thanks for the replies.

Daniel
0
 
LVL 1

Expert Comment

by:kdyresen
ID: 22839476
are the server on the 10.10.0.0/24 net or the 10.12.0.0 net? and are both these IP nets reachable for both sides?
0
 

Author Comment

by:danieno8
ID: 22839544
10.10.0.0/24 is the inside network for our HQ

10.12.0.0/24 is the Oslo inside network.

both networks are reachable in both directions. Except our sharepoint server (on the 10.10.0.0/24 inside network).

However, this server can access and be accessed by our other sites.

Thanks
Daniel
0
 
LVL 1

Expert Comment

by:kdyresen
ID: 22839729
Can you do a traceroute from your computer to a server you can reach on the 10.12.0.0/24 network, and a traceroute to the server you cant reach?

So we can see if the traffic gets to where it should

0
 

Author Comment

by:danieno8
ID: 22839749
H:\>tracert 10.12.0.50

Tracing route to 10.12.0.50 over a maximum of 30 hops

  1    63 ms    62 ms    62 ms  10.12.0.50

Trace complete.

H:\>tracert 10.10.0.15

Tracing route to abzsp01.sci.local [10.10.0.15]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  abzsp01.sci.local [10.10.0.15]

Trace complete.

H:\>

Did both from my PC (my PC is on the inside with the server which cannot get to 10.12.0.0/24

Thanks
Daniel
0
 
LVL 1

Expert Comment

by:kdyresen
ID: 22839762
one more thing. Have you checked that this server you cant reach have the right gateway IP? (check up with the server you can reach)
0
 

Author Comment

by:danieno8
ID: 22839818
yes all IP settings are correct...

One thing i have just thought to add is this server is a VM running on ESX 3. However, on this ESX server there are two other VM's configured the same way which are not having any problems.

Thanks
Daniel
0
 
LVL 1

Expert Comment

by:kdyresen
ID: 22839866
Im out of suggestions then, unless there are some firewall software installed on this server (like the internal FW for windows) that are causing this issue.
0
 
LVL 4

Expert Comment

by:ThorSG1
ID: 22840009
Is windows firewall enabled?
0
 

Author Comment

by:danieno8
ID: 22840013
Thanks for trying!!

Daniel
0
 

Author Comment

by:danieno8
ID: 22840067
nope no windows FW (this server is accessible from our other LAN's over site-to-site VPN)
0
 
LVL 1

Accepted Solution

by:
kdyresen earned 500 total points
ID: 22840121
could there be added a static route in the server that routes the traffic the wrong way back?

from cmd "route print"

0
 

Author Comment

by:danieno8
ID: 22840155
H:\>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 14 38 bc ea 04 ...... HP NC7782 Gigabit Server Adapter #2
0x10004 ...00 14 38 bc ea 05 ...... HP NC7782 Gigabit Server Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        10.10.0.1       10.10.0.76     10
          0.0.0.0          0.0.0.0        10.10.0.1       10.10.0.39     10
        10.10.0.0    255.255.255.0       10.10.0.39       10.10.0.39     10
        10.10.0.0    255.255.255.0       10.10.0.76       10.10.0.76     10
       10.10.0.39  255.255.255.255        127.0.0.1        127.0.0.1     10
       10.10.0.76  255.255.255.255        127.0.0.1        127.0.0.1     10
   10.255.255.255  255.255.255.255       10.10.0.39       10.10.0.39     10
   10.255.255.255  255.255.255.255       10.10.0.76       10.10.0.76     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
        224.0.0.0        240.0.0.0       10.10.0.39       10.10.0.39     10
        224.0.0.0        240.0.0.0       10.10.0.76       10.10.0.76     10
  255.255.255.255  255.255.255.255       10.10.0.39       10.10.0.39      1
  255.255.255.255  255.255.255.255       10.10.0.76       10.10.0.76      1
Default Gateway:         10.10.0.1
===========================================================================
Persistent Routes:
  None

H:\>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : abzsps01
   Primary Dns Suffix  . . . . . . . : sci.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : sci.local

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . : sci.local
   Description . . . . . . . . . . . : HP NC7782 Gigabit Server Adapter #2
   Physical Address. . . . . . . . . : 00-14-38-BC-EA-04
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IP Address. . . . . . . . . . . . : 10.10.0.76
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.10.0.1
   DHCP Server . . . . . . . . . . . : 10.10.0.29
   DNS Servers . . . . . . . . . . . : 10.10.0.29
   Lease Obtained. . . . . . . . . . : 29 October 2008 12:53:23
   Lease Expires . . . . . . . . . . : 06 November 2008 12:53:23

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC7782 Gigabit Server Adapter
   Physical Address. . . . . . . . . : 00-14-38-BC-EA-05
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.10.0.39
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.10.0.1
   DNS Servers . . . . . . . . . . . : 10.10.0.29
                                       10.0.0.1

H:\>


does that look right to you?

Thanks
Daniel
0
 
LVL 1

Expert Comment

by:kdyresen
ID: 22840189
it have 2 IPs?

are both unreachable?
0
 

Author Comment

by:danieno8
ID: 22840213
Sorry, that ws done from our other sharepoint by accident!

H:\>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 0c 29 46 db 8b ...... VMware Accelerated AMD PCNet Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        10.10.0.1       10.10.0.15     10
        10.10.0.0    255.255.255.0       10.10.0.15       10.10.0.15     10
       10.10.0.15  255.255.255.255        127.0.0.1        127.0.0.1     10
        10.12.0.0    255.255.255.0      10.10.0.254       10.10.0.15      1
   10.255.255.255  255.255.255.255       10.10.0.15       10.10.0.15     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
        224.0.0.0        240.0.0.0       10.10.0.15       10.10.0.15     10
  255.255.255.255  255.255.255.255       10.10.0.15       10.10.0.15      1
Default Gateway:         10.10.0.1
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
        10.12.0.0    255.255.255.0      10.10.0.254       1

This persistent route is perhaps the cause, as gateway should not be 254......how does a persistent route get in there? is it manually added?

Thanks
Daniel
0
 

Author Comment

by:danieno8
ID: 22840235
that is it fixed now. I do not know why there was a persistent route added but thank you for having me check it!!!

Daniel
0
 

Author Closing Comment

by:danieno8
ID: 31511581
Thank you!!!!!

I believe this route was added by contractors when they were in setting up this server! and never mentioned!

Daniel
0

Featured Post

Defend Your Organization from The Greatest Threats

Looking to fill the gaps in your security? Bring together information from the network, endpoint and threat intelligence feeds to really see what's happening in your organization. Join the WatchGuardians in their adventures fighting cyber crime!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question