Solved

Server cannot be accessed over VPN (all others can)

Posted on 2008-10-30
20
309 Views
Last Modified: 2012-05-05
Hello,

Our branch offices are connected over a site-to-site VPN to our HQ. We have just set up a new VPN to our office in Oslo. So far everything is working fine (other than riverbed, but thats another story). RDP and file access back to the office is working fine. That is, for all servers except one. The server which is not working is a windows server 2003, with sharepoint, but is not yet in production. This server can ping/RDP into any server on the other branch offices, the servers at the branch offices can also connect back to it. However, nothing in our Oslo office can ping the sharepoint server, and the sharepoint server cannot ping them. DNS resolves names correctly, but doesn't ping. Pinging by IP address also doesn't work. I really don't know what to try?

Any help you guys could offer would be much appreciated.

Thanks
Daniel
0
Comment
Question by:danieno8
20 Comments
 

Expert Comment

by:Ireland18
ID: 22839284
It's not sitting in a seperate DMZ is it?
0
 

Author Comment

by:danieno8
ID: 22839313
no just on the inside interface like the rest
0
 
LVL 1

Expert Comment

by:kdyresen
ID: 22839365
is it one the same IP range as the rest of the servers? if not, are the IP net routed through the VPN?

If you do a traceroute from both sides, where do it stop?
0
 

Author Comment

by:danieno8
ID: 22839460
yes, they it is on the internal network with a statically assigned address from the 10.10.0.0/24 range.

like i said, server can be accessed over the other VPN's, just not the new one.

tracert just times out. when doing tracert from my desktop which can access the oslo side just hops straight to 10.12.0.0:

H:\>tracert 10.12.0.50

Tracing route to 10.12.0.50 over a maximum of 30 hops

  1    64 ms    62 ms    69 ms  10.12.0.50

Trace complete.

Thanks for the replies.

Daniel
0
 
LVL 1

Expert Comment

by:kdyresen
ID: 22839476
are the server on the 10.10.0.0/24 net or the 10.12.0.0 net? and are both these IP nets reachable for both sides?
0
 

Author Comment

by:danieno8
ID: 22839544
10.10.0.0/24 is the inside network for our HQ

10.12.0.0/24 is the Oslo inside network.

both networks are reachable in both directions. Except our sharepoint server (on the 10.10.0.0/24 inside network).

However, this server can access and be accessed by our other sites.

Thanks
Daniel
0
 
LVL 1

Expert Comment

by:kdyresen
ID: 22839729
Can you do a traceroute from your computer to a server you can reach on the 10.12.0.0/24 network, and a traceroute to the server you cant reach?

So we can see if the traffic gets to where it should

0
 

Author Comment

by:danieno8
ID: 22839749
H:\>tracert 10.12.0.50

Tracing route to 10.12.0.50 over a maximum of 30 hops

  1    63 ms    62 ms    62 ms  10.12.0.50

Trace complete.

H:\>tracert 10.10.0.15

Tracing route to abzsp01.sci.local [10.10.0.15]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  abzsp01.sci.local [10.10.0.15]

Trace complete.

H:\>

Did both from my PC (my PC is on the inside with the server which cannot get to 10.12.0.0/24

Thanks
Daniel
0
 
LVL 1

Expert Comment

by:kdyresen
ID: 22839762
one more thing. Have you checked that this server you cant reach have the right gateway IP? (check up with the server you can reach)
0
 

Author Comment

by:danieno8
ID: 22839818
yes all IP settings are correct...

One thing i have just thought to add is this server is a VM running on ESX 3. However, on this ESX server there are two other VM's configured the same way which are not having any problems.

Thanks
Daniel
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 1

Expert Comment

by:kdyresen
ID: 22839866
Im out of suggestions then, unless there are some firewall software installed on this server (like the internal FW for windows) that are causing this issue.
0
 
LVL 4

Expert Comment

by:ThorSG1
ID: 22840009
Is windows firewall enabled?
0
 

Author Comment

by:danieno8
ID: 22840013
Thanks for trying!!

Daniel
0
 

Author Comment

by:danieno8
ID: 22840067
nope no windows FW (this server is accessible from our other LAN's over site-to-site VPN)
0
 
LVL 1

Accepted Solution

by:
kdyresen earned 500 total points
ID: 22840121
could there be added a static route in the server that routes the traffic the wrong way back?

from cmd "route print"

0
 

Author Comment

by:danieno8
ID: 22840155
H:\>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 14 38 bc ea 04 ...... HP NC7782 Gigabit Server Adapter #2
0x10004 ...00 14 38 bc ea 05 ...... HP NC7782 Gigabit Server Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        10.10.0.1       10.10.0.76     10
          0.0.0.0          0.0.0.0        10.10.0.1       10.10.0.39     10
        10.10.0.0    255.255.255.0       10.10.0.39       10.10.0.39     10
        10.10.0.0    255.255.255.0       10.10.0.76       10.10.0.76     10
       10.10.0.39  255.255.255.255        127.0.0.1        127.0.0.1     10
       10.10.0.76  255.255.255.255        127.0.0.1        127.0.0.1     10
   10.255.255.255  255.255.255.255       10.10.0.39       10.10.0.39     10
   10.255.255.255  255.255.255.255       10.10.0.76       10.10.0.76     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
        224.0.0.0        240.0.0.0       10.10.0.39       10.10.0.39     10
        224.0.0.0        240.0.0.0       10.10.0.76       10.10.0.76     10
  255.255.255.255  255.255.255.255       10.10.0.39       10.10.0.39      1
  255.255.255.255  255.255.255.255       10.10.0.76       10.10.0.76      1
Default Gateway:         10.10.0.1
===========================================================================
Persistent Routes:
  None

H:\>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : abzsps01
   Primary Dns Suffix  . . . . . . . : sci.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : sci.local

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . : sci.local
   Description . . . . . . . . . . . : HP NC7782 Gigabit Server Adapter #2
   Physical Address. . . . . . . . . : 00-14-38-BC-EA-04
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IP Address. . . . . . . . . . . . : 10.10.0.76
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.10.0.1
   DHCP Server . . . . . . . . . . . : 10.10.0.29
   DNS Servers . . . . . . . . . . . : 10.10.0.29
   Lease Obtained. . . . . . . . . . : 29 October 2008 12:53:23
   Lease Expires . . . . . . . . . . : 06 November 2008 12:53:23

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC7782 Gigabit Server Adapter
   Physical Address. . . . . . . . . : 00-14-38-BC-EA-05
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.10.0.39
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.10.0.1
   DNS Servers . . . . . . . . . . . : 10.10.0.29
                                       10.0.0.1

H:\>


does that look right to you?

Thanks
Daniel
0
 
LVL 1

Expert Comment

by:kdyresen
ID: 22840189
it have 2 IPs?

are both unreachable?
0
 

Author Comment

by:danieno8
ID: 22840213
Sorry, that ws done from our other sharepoint by accident!

H:\>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 0c 29 46 db 8b ...... VMware Accelerated AMD PCNet Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        10.10.0.1       10.10.0.15     10
        10.10.0.0    255.255.255.0       10.10.0.15       10.10.0.15     10
       10.10.0.15  255.255.255.255        127.0.0.1        127.0.0.1     10
        10.12.0.0    255.255.255.0      10.10.0.254       10.10.0.15      1
   10.255.255.255  255.255.255.255       10.10.0.15       10.10.0.15     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
        224.0.0.0        240.0.0.0       10.10.0.15       10.10.0.15     10
  255.255.255.255  255.255.255.255       10.10.0.15       10.10.0.15      1
Default Gateway:         10.10.0.1
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
        10.12.0.0    255.255.255.0      10.10.0.254       1

This persistent route is perhaps the cause, as gateway should not be 254......how does a persistent route get in there? is it manually added?

Thanks
Daniel
0
 

Author Comment

by:danieno8
ID: 22840235
that is it fixed now. I do not know why there was a persistent route added but thank you for having me check it!!!

Daniel
0
 

Author Closing Comment

by:danieno8
ID: 31511581
Thank you!!!!!

I believe this route was added by contractors when they were in setting up this server! and never mentioned!

Daniel
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now