venkataramanaiahsr
asked on
Pinging to Server when connected thro VPN
I have configured win2000 Server (SP4) as VPN server. (XX.XX.XX.200) When i am not in the office i connect to the server thro Winxp vpn client thro PPTP. Offlate i having this problem. I am able to connect to the vpn server smoothly (XX.XX.XX.200). i can also ping to this machine. But i am not able to ping any other server in my lan.
i,e to other servers like mail server (xx.xx.xx.51) and DB server (XX.XX.XX. 2) Hence i am not able to connect
to these servers when i am not in the office.
Is there any specific reason for this? or do i need to change any settings in my vpn server(XX.XX.Xx.200)
I request an early help in this regard
i,e to other servers like mail server (xx.xx.xx.51) and DB server (XX.XX.XX. 2) Hence i am not able to connect
to these servers when i am not in the office.
Is there any specific reason for this? or do i need to change any settings in my vpn server(XX.XX.Xx.200)
I request an early help in this regard
cubeeq
The server must be configured as router as well.
ASKER
When i configure it as vpn server (routing and remote access) , will it not be configured as router as well?
or do i need to configure it separately. if so how to do it . can you pls elobarate on this
or do i need to configure it separately. if so how to do it . can you pls elobarate on this
hi this is the output of route print on server after the client has connected and acquired address 10.0.0.125:
dest mask gw interface metrics
10.0.0.120 255.255.255.255 127.0.0.1 127.0.0.1 50
10.0.0.125 255.255.255.255 10.0.0.120 10.0.0.120 1
It is win2k3 SBS server where the .120 host is the RAS server component. The server itself has 10.0.0.99 and you are right - it is NOT the router, only RAS. However in configuration of <server> in RAS msc there is IP routing enabled. The client has Default gateway of remote network enabled, which is the default - settings in properties of TCP/IP of VPN network connection.
dest mask gw interface metrics
10.0.0.120 255.255.255.255 127.0.0.1 127.0.0.1 50
10.0.0.125 255.255.255.255 10.0.0.120 10.0.0.120 1
It is win2k3 SBS server where the .120 host is the RAS server component. The server itself has 10.0.0.99 and you are right - it is NOT the router, only RAS. However in configuration of <server> in RAS msc there is IP routing enabled. The client has Default gateway of remote network enabled, which is the default - settings in properties of TCP/IP of VPN network connection.
ASKER
can u explain in little bit detail about this settings. i am furnishing some more information. when i connect thro vpn to my office lan here are the vpn connection settings
PPP adapter
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 128.128.XX.B
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 128.128.XX.A
125.22.47.125
128.128.XX.A is the ip address of my vpn server. 128.128.XX.B is ip address receviced by my laptop when connected to vpn server. i am able to ping to 128.128.XX.A without any issues. but when i try to ping to other ipaddress in the office lan , request time out comes.
I have noticed additional points here.
1. when i connect thro vpn , the subnet mask received is 255.255.255.255 where as the all the systems in my office lan are in the subnet mask 255.255.255.0.
2. and default gateway is blank
is it because of this reason. but then it is pinging to vpn server. The logic is sightly going above my head.
can u pls explain the reasons for points 1 & 2. This might throw some light towards finding solution
I have unchecked the Default gateway of remote network in vpn connection settings
PPP adapter
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 128.128.XX.B
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 128.128.XX.A
125.22.47.125
128.128.XX.A is the ip address of my vpn server. 128.128.XX.B is ip address receviced by my laptop when connected to vpn server. i am able to ping to 128.128.XX.A without any issues. but when i try to ping to other ipaddress in the office lan , request time out comes.
I have noticed additional points here.
1. when i connect thro vpn , the subnet mask received is 255.255.255.255 where as the all the systems in my office lan are in the subnet mask 255.255.255.0.
2. and default gateway is blank
is it because of this reason. but then it is pinging to vpn server. The logic is sightly going above my head.
can u pls explain the reasons for points 1 & 2. This might throw some light towards finding solution
I have unchecked the Default gateway of remote network in vpn connection settings
ASKER
Vpn server is win2000 Server with SP4 (Advanced Server Enterprise editon)
beware 128... is public ip, you should not use it.
if you get the full mask, it means that your computer is "alone" and does not belong to any network. you can try following tips:
1. add route to "128..."/24 network: route add 128.128.XX.0 mask 255.255.255.0 128.128.XX.A
2. use tracert -d 128.128.XX.B on some computer in your lan to see what hops are used - if you don't see 128.128.XX.A - you don't have routing to your client - then you can add route to server - you can route to just one host: route add 128.128.XX.B mask 255.255.255.255 128.128.XX.A
But in ideal case you should have intranet space addresses - 192.168.X.X, 10.X.X.X (not mentioning 172.16.) and on your server there should be DHCP for LAN for lets say your 100 computers, then DHCP scope for RAS (15 addresses) and the server should have two addresses - one physical ip and one "logical" RAS ip. the physical would lie in first scope and the logical in second.
if you get the full mask, it means that your computer is "alone" and does not belong to any network. you can try following tips:
1. add route to "128..."/24 network: route add 128.128.XX.0 mask 255.255.255.0 128.128.XX.A
2. use tracert -d 128.128.XX.B on some computer in your lan to see what hops are used - if you don't see 128.128.XX.A - you don't have routing to your client - then you can add route to server - you can route to just one host: route add 128.128.XX.B mask 255.255.255.255 128.128.XX.A
But in ideal case you should have intranet space addresses - 192.168.X.X, 10.X.X.X (not mentioning 172.16.) and on your server there should be DHCP for LAN for lets say your 100 computers, then DHCP scope for RAS (15 addresses) and the server should have two addresses - one physical ip and one "logical" RAS ip. the physical would lie in first scope and the logical in second.
ASKER
if you get the full mask, it means that your computer is "alone" and does not belong to any network.
What does it mean? i am able to connect to my office lan thro vpn (dialup internet) when i am out of office
and i am getting the internal ip configured for office lan. i am able to ping to vpn server in the office lan
It is only i cannot ping to other servers
What does it mean? i am able to connect to my office lan thro vpn (dialup internet) when i am out of office
and i am getting the internal ip configured for office lan. i am able to ping to vpn server in the office lan
It is only i cannot ping to other servers
ASKER
I have changed the vpn server from win2000 to win2003. there ip routing option is checked which i suppose means it also acts as router along with RAS server. Now when i connect to RAS server thro VPN and try to ping
to other server 128.128.XX.C following is the output.
can you pls suggest is there anything i am missing by the following output
C:\Documents and Settings\venkat>ping 128.128.XX.C /t
Pinging 128.128.XX.C with 32 bytes of data:
Reply from 128.128.XX.C : bytes=32 time=371ms TTL=127
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 128.128.XX.C : bytes=32 time=426ms TTL=127
Reply from 128.128.XX.C : bytes=32 time=424ms TTL=127
Request timed out.
Request timed out.
Request timed out.
Reply from 128.128.XX.C : bytes=32 time=908ms TTL=127
Reply from 128.128.XX.C : bytes=32 time=663ms TTL=127
Request timed out.
Request timed out.
Request timed out.
Reply from 128.128.XX.C : bytes=32 time=483ms TTL=127
Reply from 128.128.XX.C : bytes=32 time=427ms TTL=127
Request timed out.
Ping statistics for 128.128.XX.C :
Packets: Sent = 25, Received = 7, Lost = 18 (72% loss),
Approximate round trip times in milli-seconds:
Minimum = 371ms, Maximum = 908ms, Average = 528ms
to other server 128.128.XX.C following is the output.
can you pls suggest is there anything i am missing by the following output
C:\Documents and Settings\venkat>ping 128.128.XX.C /t
Pinging 128.128.XX.C with 32 bytes of data:
Reply from 128.128.XX.C : bytes=32 time=371ms TTL=127
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 128.128.XX.C : bytes=32 time=426ms TTL=127
Reply from 128.128.XX.C : bytes=32 time=424ms TTL=127
Request timed out.
Request timed out.
Request timed out.
Reply from 128.128.XX.C : bytes=32 time=908ms TTL=127
Reply from 128.128.XX.C : bytes=32 time=663ms TTL=127
Request timed out.
Request timed out.
Request timed out.
Reply from 128.128.XX.C : bytes=32 time=483ms TTL=127
Reply from 128.128.XX.C : bytes=32 time=427ms TTL=127
Request timed out.
Ping statistics for 128.128.XX.C :
Packets: Sent = 25, Received = 7, Lost = 18 (72% loss),
Approximate round trip times in milli-seconds:
Minimum = 371ms, Maximum = 908ms, Average = 528ms
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Pls find enclosed below the ping stat when connected from my laptop outside the office to office lan thro vpn
Ping stat for vpn server
ping 128.128.XX.A - VPN Server in my office LAN
Pinging 128.128..XX.A with 32 bytes of data:
Reply from 128.128.XX.A: bytes=32 time=625ms TTL=128
Reply from 128.128.XX.A: bytes=32 time=418ms TTL=128
Reply from 128.128.XX.A: bytes=32 time=438ms TTL=128
Reply from 128.128.XX.A: bytes=32 time=418ms TTL=128
Ping statistics for 128.128.XX.A:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 418ms, Maximum = 625ms, Average = 474ms
2. Ping stat to google
ping google.com
Pinging google.com [209.85.171.100] with 32 bytes of data:
Reply from 209.85.171.100: bytes=32 time=555ms TTL=236
Reply from 209.85.171.100: bytes=32 time=550ms TTL=236
Reply from 209.85.171.100: bytes=32 time=748ms TTL=236
Reply from 209.85.171.100: bytes=32 time=548ms TTL=236
Ping statistics for 209.85.171.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 548ms, Maximum = 748ms, Average = 600ms
This shows the internet connection is ok (net is connected thro datacard max 15KBPS bandwidth).
Since it is pinging to vpn server without any problem i feel even the vpn part is ok. As suggested by you earlier
the vpn server may not be routing the requests to other systmes properly though i have checked the router option in RAS. Is there anything else i can do (like say manually configure the static routes to other servers in the lan in RAS console). Pls advise. I need to find a solution for this as i need to configure this setup at my md's laptop.
Is there any alternate easy solution for the above requirement.
Ping stat for vpn server
ping 128.128.XX.A - VPN Server in my office LAN
Pinging 128.128..XX.A with 32 bytes of data:
Reply from 128.128.XX.A: bytes=32 time=625ms TTL=128
Reply from 128.128.XX.A: bytes=32 time=418ms TTL=128
Reply from 128.128.XX.A: bytes=32 time=438ms TTL=128
Reply from 128.128.XX.A: bytes=32 time=418ms TTL=128
Ping statistics for 128.128.XX.A:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 418ms, Maximum = 625ms, Average = 474ms
2. Ping stat to google
ping google.com
Pinging google.com [209.85.171.100] with 32 bytes of data:
Reply from 209.85.171.100: bytes=32 time=555ms TTL=236
Reply from 209.85.171.100: bytes=32 time=550ms TTL=236
Reply from 209.85.171.100: bytes=32 time=748ms TTL=236
Reply from 209.85.171.100: bytes=32 time=548ms TTL=236
Ping statistics for 209.85.171.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 548ms, Maximum = 748ms, Average = 600ms
This shows the internet connection is ok (net is connected thro datacard max 15KBPS bandwidth).
Since it is pinging to vpn server without any problem i feel even the vpn part is ok. As suggested by you earlier
the vpn server may not be routing the requests to other systmes properly though i have checked the router option in RAS. Is there anything else i can do (like say manually configure the static routes to other servers in the lan in RAS console). Pls advise. I need to find a solution for this as i need to configure this setup at my md's laptop.
Is there any alternate easy solution for the above requirement.