• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1891
  • Last Modified:

Pinging to Server when connected thro VPN

I have configured win2000 Server (SP4) as VPN server. (XX.XX.XX.200)  When i am not in the office i connect to the server thro Winxp vpn client thro PPTP. Offlate i having this problem. I am able to connect to the vpn server smoothly (XX.XX.XX.200). i can also ping to this machine. But i am not able to ping any other server in my lan.
i,e to other servers like mail server (xx.xx.xx.51) and DB server (XX.XX.XX. 2) Hence i am not able to connect
to these servers when i am not in the office.

Is there any specific reason for this? or do i need to change any settings in my vpn server(XX.XX.Xx.200)

I request an early help in this regard
0
venkataramanaiahsr
Asked:
venkataramanaiahsr
  • 6
  • 4
1 Solution
 
cubeeqCommented:
The server must be configured as router as well.
0
 
venkataramanaiahsrAuthor Commented:
When i configure it as vpn server (routing and remote access) , will it not be configured as router as well?
or do i need to configure it separately. if so how to do it . can you pls elobarate on this


0
 
cubeeqCommented:
hi this is the output of route print on server after the client has connected and acquired address 10.0.0.125:

dest            mask                           gw                   interface       metrics
10.0.0.120  255.255.255.255        127.0.0.1         127.0.0.1     50
10.0.0.125  255.255.255.255        10.0.0.120       10.0.0.120   1

It is win2k3 SBS server where the .120 host is the RAS server component. The server itself has 10.0.0.99 and you are right - it is NOT the router, only RAS. However in configuration of <server> in RAS msc there is IP routing enabled. The client has Default gateway of remote network enabled, which is the default - settings in properties of TCP/IP of VPN network connection.

0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
venkataramanaiahsrAuthor Commented:
can u explain in little bit detail about this settings. i am furnishing some more information. when i connect thro vpn to my office lan here are the vpn connection settings

PPP adapter

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 128.128.XX.B
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : 128.128.XX.A
                                                     125.22.47.125



      128.128.XX.A  is the ip address of my vpn server. 128.128.XX.B  is ip address receviced by my laptop when connected to vpn server.  i am able to ping to 128.128.XX.A without any issues.  but when i try to ping to other ipaddress in the office lan , request time out comes.

I have noticed additional  points here.

1.  when i connect thro vpn , the subnet mask received is 255.255.255.255 where as the all the systems in my   office   lan  are in the subnet mask 255.255.255.0.
2. and default gateway is blank

is it because of this reason. but then it is pinging to vpn server.  The logic is sightly going above my head.
can u pls explain the reasons for points 1 & 2. This might throw some light towards finding solution

I have unchecked the Default gateway of remote network in vpn connection settings



0
 
venkataramanaiahsrAuthor Commented:
Vpn server is win2000 Server with SP4 (Advanced Server Enterprise editon)
0
 
cubeeqCommented:
beware 128... is public ip, you should not use it.

if you get the full mask, it means that your computer is "alone" and does not belong to any network. you can try following tips:

1. add route to "128..."/24 network: route add 128.128.XX.0 mask 255.255.255.0 128.128.XX.A
2. use tracert -d 128.128.XX.B on some computer in your lan to see what hops are used - if you don't see 128.128.XX.A - you don't have routing to your client - then you can add route to server - you can route to just one host: route add 128.128.XX.B mask 255.255.255.255 128.128.XX.A

But in ideal case you should have intranet space addresses - 192.168.X.X, 10.X.X.X (not mentioning 172.16.) and on your server there should be DHCP for LAN for lets say your 100 computers, then DHCP scope for RAS (15 addresses) and the server should have two addresses - one physical ip and one "logical" RAS ip. the physical would lie in first scope and the logical in second.

0
 
venkataramanaiahsrAuthor Commented:
if you get the full mask, it means that your computer is "alone" and does not belong to any network.

What does it mean?  i am able to connect to my office lan thro vpn  (dialup internet) when i am out of office    

and i am getting the internal ip configured for office lan. i am able to ping to vpn server in the office lan

It is only i cannot ping to other servers

0
 
venkataramanaiahsrAuthor Commented:
I have changed the vpn server from win2000 to win2003.  there ip routing option is checked which i suppose means it also acts as router along with RAS server. Now when i connect to RAS server thro VPN and try to ping
to other server 128.128.XX.C following is the output.

can you pls suggest is there anything i am missing by the following output


C:\Documents and Settings\venkat>ping 128.128.XX.C /t

Pinging 128.128.XX.C with 32 bytes of data:

Reply from 128.128.XX.C : bytes=32 time=371ms TTL=127
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 128.128.XX.C : bytes=32 time=426ms TTL=127
Reply from 128.128.XX.C : bytes=32 time=424ms TTL=127
Request timed out.
Request timed out.
Request timed out.
Reply from 128.128.XX.C : bytes=32 time=908ms TTL=127
Reply from 128.128.XX.C : bytes=32 time=663ms TTL=127
Request timed out.
Request timed out.
Request timed out.
Reply from 128.128.XX.C : bytes=32 time=483ms TTL=127
Reply from 128.128.XX.C : bytes=32 time=427ms TTL=127
Request timed out.

Ping statistics for 128.128.XX.C :
    Packets: Sent = 25, Received = 7, Lost = 18 (72% loss),
Approximate round trip times in milli-seconds:
    Minimum = 371ms, Maximum = 908ms, Average = 528ms
0
 
cubeeqCommented:
well, it seems like very bad connection. disconnect the vpn and ping the external ip in the same way. you will see if the problem is more likely in your intranet or at your provider
0
 
venkataramanaiahsrAuthor Commented:
Pls find enclosed below the ping stat when connected from my laptop outside the office to office lan thro vpn


Ping stat for vpn server

ping 128.128.XX.A         - VPN Server in my office LAN

Pinging 128.128..XX.A with 32 bytes of data:

Reply from 128.128.XX.A: bytes=32 time=625ms TTL=128
Reply from 128.128.XX.A: bytes=32 time=418ms TTL=128
Reply from 128.128.XX.A: bytes=32 time=438ms TTL=128
Reply from 128.128.XX.A: bytes=32 time=418ms TTL=128

Ping statistics for 128.128.XX.A:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 418ms, Maximum = 625ms, Average = 474ms

2. Ping stat to google

ping google.com

Pinging google.com [209.85.171.100] with 32 bytes of data:

Reply from 209.85.171.100: bytes=32 time=555ms TTL=236
Reply from 209.85.171.100: bytes=32 time=550ms TTL=236
Reply from 209.85.171.100: bytes=32 time=748ms TTL=236
Reply from 209.85.171.100: bytes=32 time=548ms TTL=236

Ping statistics for 209.85.171.100:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 548ms, Maximum = 748ms, Average = 600ms


This shows the internet connection is ok (net is connected thro datacard max 15KBPS bandwidth).
 
Since it is pinging to vpn server without any problem i feel even the vpn part is ok.  As suggested by you earlier
the vpn server may not be routing the requests to other systmes properly  though i have checked the router option in RAS. Is there anything else i can do (like say manually configure the static routes to other servers in the lan in RAS console).  Pls advise.  I need to find a solution for this as i need to configure this setup at my md's laptop.
 
  Is there any alternate easy solution  for the above requirement.




 


 

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now