Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 932
  • Last Modified:

Nat'ed server not replying to ping requests through VPN

Hi All,

Got a strange problem after switching router from draytek vigor 2800 to 2820 unit.

I cannot ping the nat'ed server after establishing a basic VPN connection remotely which worked perfectly with the 2800 series.

I can ping/resolve all other servers on the network after establishing a VPN connection which the odd thing but just not that one server?

Vigor 2820 settings have been taken from the old router and filter rules are the same as are all other settings.  I've also updated to the latest router firmware by using the .rst file supplied by draytek

Not using ICS on Nat'ed server.

Any ideas?

Thanks

0
jovonn
Asked:
jovonn
  • 3
  • 2
1 Solution
 
Todd GerbertIT ConsultantCommented:
"I cannot ping the nat'ed server after establishing a basic VPN connection" is a little confusing...

Do you mean that you've established a VPN connection, can ping everything on the network except this one server using the private addresses, 192.168.x.y?

Or, you're trying to ping the public IP address of the server, 64.1.2.3?
0
 
jovonnAuthor Commented:
Hi, Yes that is correct. It's an internal IP address that I cant get a response from.
0
 
Todd GerbertIT ConsultantCommented:
Is it possible there's a firewall running on this server preventing the ping from reaching it?  It's often considered a security hole for a computer to respond to pings so most firewalls block'em by default.
0
 
jovonnAuthor Commented:
no not running a firewall/ICS on the win2003 server. Remember, i don't have a problem with my vigor 2800 router. There is something that I've missed on the 2820 which is causing it...

cheers
0
 
jovonnAuthor Commented:
Managed to sort the issue out.  The problems was due to the firewall rules on the 2820

the nat'ed server has a block all rule.

needed to add a rule to pass icmp packets to nat'ed server

also added an additional rule to allow remote desktop using port 3389 to nat'ed server


It's strange how the vigor 2800 manages the ICMP packets as i didn't have to apply any additional filter rules.


0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now