VPN is setup, I can ping everything but the SERVER

I have a VPN setup using 2 Cisco 1841 routers.  It is configured and up and running.  I can ping back and forth.... everything but the SERVER!!  The server has an IP of 192.168.1.1  I can ping all the computers in the MAIN office from the remote office, except the server at 192.168.1.1... but I can ping computers that are 192.168.1.33 or 192.168.1.10 etc...  I checked for firewalls and stuff on the server and I can't find anything.... All the computers in the MAIN office can ping the server and access Mapped drives so I don't understand why the remote office can't see it even though the remote office can see the other computers..!!?  Here are my running configs.... anyone see anything wrong?

MAIN OFFICE CONFIG:


Building configuration...

Current configuration : 6730 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Cisco1
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 *****************
!
no aaa new-model
clock timezone PCTime -8
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-954786030
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-954786030
 revocation-check none
 rsakeypair TP-self-signed-954786030
!
!
crypto pki certificate chain TP-self-signed-954786030
 certificate self-signed 01
        quit
dot11 syslog
no ip source-route
ip cef
!
!
!
!
no ip bootp server
ip domain name kaweahcontainerin.local
ip name-server 68.94.156.1
ip name-server 68.94.157.1
!
multilink bundle-name authenticated
!
!
username administrator privilege 15 secret 5 ***************
username ktchiu privilege 15 secret 5 *************
!
!
crypto isakmp policy 2
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key k13291c address 64.203.120.36
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to64.203.120.36
 set peer 64.203.120.36
 set transform-set ESP-3DES-SHA3
 match address 104
!
archive
 log config
  hidekeys
!
!
!
!
!
interface FastEthernet0/0
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$FW_OUTSIDE$$ETH-WAN$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no mop enabled
!
interface FastEthernet0/1
 description $ES_LAN$$FW_INSIDE$
 ip address 192.168.1.150 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface Dialer1
 ip address negotiated
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username kwcontainer@sbcglobal.net password 7 00170714505D5E01
 crypto map SDM_CMAP_1
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 remark SDM_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 103 remark SDM_ACL Category=4
access-list 103 remark IPSec Rule
access-list 103 permit ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 104 remark SDM_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
route-map SDM_RMAP_1 permit 1
 match ip address 101
!
!
!
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
 
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
 
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
 
username <myuser> privilege 15 secret 0 <mypassword>
 
Replace <myuser> and <mypassword> with the username and password you want to
use.
 
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input telnet ssh
!
scheduler allocate 4000 1000
ntp authentication-key 123654 md5 123654 0
ntp authenticate
ntp trusted-key 123654
ntp update-calendar
ntp server 76.240.232.214 key 123654 source FastEthernet0/0
end






REMOTE OFFICE CONFIG:


Cisco2#show run
Building configuration...
Current configuration : 8705 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Cisco2
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 **********************
!
no aaa new-model
clock timezone PCTime -8
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1280786440
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1280786440
 revocation-check none
 rsakeypair TP-self-signed-1280786440
!
!        
crypto pki certificate chain TP-self-signed-1280786440
 certificate self-signed 01
        quit
dot11 syslog
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1 192.168.2.24
ip dhcp excluded-address 192.168.2.76 192.168.2.254
!
ip dhcp pool ccp-pool1
   import all
   network 192.168.2.0 255.255.255.0
   dns-server 64.192.0.10 64.192.0.11
   default-router 192.168.2.150
!
!
no ip bootp server
ip name-server 64.192.0.10
ip name-server 64.192.0.11
!
multilink bundle-name authenticated
!
!
username administrator privilege 15 secret 5 ***************
username ktchiu privilege 15 secret 5 ****************
!
!
crypto isakmp policy 2
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key k13291c address 76.240.232.214
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to Cisco1
 set peer 76.240.232.214
 set transform-set ESP-3DES-SHA
 match address 104
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-any ccp-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-insp-traffic
 match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-invalid-src
 match access-group 100
class-map type inspect match-all ccp-icmp-access
 match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-protocol-http
 match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
 class type inspect ccp-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-protocol-http
  inspect
 class type inspect ccp-insp-traffic
  inspect
 class class-default
policy-map type inspect ccp-permit
 class class-default
!
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
 service-policy type inspect ccp-permit
!
!        
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_WAN$$FW_OUTSIDE$
 ip address 64.203.120.36 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
 crypto map SDM_CMAP_1
!
interface FastEthernet0/1
 description $ES_LAN$$FW_INSIDE$
 ip address 192.168.2.150 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 64.203.120.32 0.0.0.15 any
access-list 101 remark SDM_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
access-list 104 remark SDM_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
no cdp run
!
!
!
route-map SDM_RMAP_1 permit 1
 match ip address 101
!
!
!
!
control-plane
!
!        
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
 
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
 
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
 
username <myuser> privilege 15 secret 0 <mypassword>
 
Replace <myuser> and <mypassword> with the username and password you want to
use.
 
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
alias interface ipa ip add
alias exec tr traceroute
alias exec tn telnet
alias exec siiup sh ip interface brief | inc up
alias exec sii sh ip interface brief | e unas
alias exec siia sh ip interface brief
alias exec si sho interf
alias exec sir sh ip route
alias exec c conf t
alias exec cac sh ip cac f | b SrcP
alias exec cpu show proc cpu h
alias exec sr show running
alias exec srs show running | section
alias exec sri show run | inc
alias exec srb show run | begin
alias exec sal sh access-l
alias exec sfxo show voice port summary | i fxo
alias exec cdp sho cdp nei
alias exec crs copy run start
alias exec wm wr mem
alias exec nd no deb all
alias exec nm term no mon
alias exec tnm term no mon
alias exec tm term mon
alias exec tl0 term len 0
alias exec trunk sho interfaces trunk
alias exec scrvs show call resource voice stats
alias exec ssrs show sip register status
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 4000 1000
end
jerrygomezdotcomAsked:

RunningGagCommented:
Please remove your configs and repost after removing your passwords, public IP's, and company specific information.  You don't want that information publicly available.
0
jerrygomezdotcomAuthor Commented:
My passwords are ENCRYPTED... I am not worried, why are you?  I need help with this, so please give me input regarding the question at hand.  thank you
0
jerrygomezdotcomAuthor Commented:
Also, we are a community built on trust, IT professionals helping IT professionals... I am not out to hurt anyone, I would hope everyone feels the same way.
0

RunningGagCommented:
Good luck with that.

As far as the configs, I'm not seeing anything that would explicitly restrict traffic to 192.168.1.1.  Are you pinging the IP directly, or using the hostname of the server?
0
RunningGagCommented:
Also, have you tried to traceroute to determine where the failure is?  Or tried pinging from the remote router rather than a host on the remote network?
0
jerrygomezdotcomAuthor Commented:
i am trying traceroute....
0
jerrygomezdotcomAuthor Commented:
I am pinging the 192.168.1.1 directly from the remote office.  I also tried a \\192.168.1.1 to see if I can open the Shared Folders... no luck... The thing is this also... I can't ping the REMOTE office from the SERVER either... so there is definite blockage from the server to the remote and back... but everything else is GAME??!!  haha... I bet it's something simple....
0
RunningGagCommented:
Is the server able to ping anything else outside the network?  Do you have a firewall stopping traffic to 192.168.1.1?  Or a rule that stops traffic between 192.168.1.1 and 192.168.x.x networks?

Did you get any results from traceroute?  

How about pinging from the server progressively further away (ie. ping the default gateway, ping the local VPN IP, ping the remote VPN IP, ping the remote internal interface of the router, ping a remote host)?
0
lovegun68Commented:
agree. Please repost without all of your real DNS, server IPs, etc... some people are not nice as you know. HASHED pwds are not secure anymore.
Your question:
It looks like you are correct on your config back and forth. I don't see anything preventing communication.
Can you do things like remote desktop, see shares across the wire?
0
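One way to act on the advice above (RunningGag's and lovegun68's requests to repost without passwords and public IPs), as an added example that is not code from the thread: a small sanitizer that strips secrets, public addresses and certificate data from a `show run` before it is posted, while leaving the private addressing needed for troubleshooting. The sample config is constructed, the rule list covers only the kinds of secret-bearing lines that appear in the configs in this thread, and the names `sanitize`, `SECRET_RULES` and `KEEP_NETS` are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the style of `show running-config`; every value is made up.
SAMPLE = """\
hostname Branch1
enable secret 5 $1$abcd$0123456789abcdefghijkl
ip domain name example.local
username admin privilege 15 secret 5 $1$efgh$mnopqrstuvwxyz01234567
crypto isakmp key SharedKey123 address 203.0.113.36
crypto pki certificate chain TP-self-signed-1
 certificate self-signed 01
  30820254 308201BD A0030201 02020101
  quit
interface Dialer1
 ppp pap sent-username user@isp.example password 7 0822455D0A16
interface FastEthernet0/1
 ip address 192.168.1.150 255.255.255.0
ntp authentication-key 1 md5 ntpsecret 0
ntp server 198.51.100.214 key 1
"""

# Ranges that can stay in a public post: RFC 1918 space, loopback,
# 0.0.0.0/8 (ACL wildcard masks) and 224.0.0.0/3 (multicast and netmasks).
KEEP_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

# (pattern, replacement) pairs applied to every line, in order.
SECRET_RULES = [
    (re.compile(r"^(\s*username) \S+"), r"\1 <removed>"),
    (re.compile(r"\b(sent-username) \S+"), r"\1 <removed>"),
    # Covers "enable secret 5 ...", "... secret 5 ..." and "password 7 ...".
    (re.compile(r"\b(secret|password)( \d)? \S+"), r"\1\2 <removed>"),
    (re.compile(r"^(crypto isakmp key) .+?( address| hostname)"), r"\1 <removed>\2"),
    (re.compile(r"^(ntp authentication-key \d+ md5) \S+"), r"\1 <removed>"),
    (re.compile(r"^(ip domain[ -]name) \S+"), r"\1 <removed>"),
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def sanitize(config):
    """Return a copy of an IOS config that is safe to paste into a forum."""
    ip_names = {}  # public IP -> stable placeholder, so peer pairs stay readable

    def mask_ip(match):
        try:
            ip = ipaddress.ip_address(match.group(0))
        except ValueError:
            return match.group(0)  # not a valid IPv4 address, leave untouched
        if any(ip in net for net in KEEP_NETS):
            return match.group(0)
        return ip_names.setdefault(str(ip), f"<PUBLIC_IP_{len(ip_names) + 1}>")

    out, in_cert = [], False
    for line in config.splitlines():
        if in_cert:
            # Drop certificate hex until the closing "quit" line.
            if line.strip() == "quit":
                in_cert = False
                out.append(line)
            continue
        if re.match(r"\s*certificate \S+", line):
            in_cert = True
            out.append(line)
            out.append("  <certificate data removed>")
            continue
        for pattern, replacement in SECRET_RULES:
            line = pattern.sub(replacement, line)
        out.append(IP_RE.sub(mask_ip, line))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

The same public address always maps to the same placeholder, so a reader can still see that one router's `set peer` matches the other router's outside interface.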
jerrygomezdotcomAuthor Commented:
No results... I can PING everything on the main network from the server.  I can ping the REMOTE VPN router using the static ip.  Once I try to get past the VPN router I can't ping the remote network or the fastethernet0/1 that has the ip 192.168.2.150 or any computer over there.  From the remote side I can ping all my computers at the main office, everything but the STUPID server.... haha, this is frustrating because the VPN is up and it should JUST work.... **pulls hair out
0
RunningGagCommented:
Can other hosts on the network ping 192.168.2.150?
0
RunningGagCommented:
I mean, can other hosts on the 192.168.1.x network ping 192.168.2.150?
0
jerrygomezdotcomAuthor Commented:
OMG GAG, u are correct.  I went to a regular pc on the 1.1 network and THEY CAN ping 192.168.2.150 or 192.168.2.175 a computer at the remote office.  Everyone sees each other but the server... (the server does see the 1.1 network since it's in the same office....)
0
jerrygomezdotcomAuthor Commented:
I have 2 network cards on the server, I deleted the settings from lan1 and copied them to lan2. I disabled lan1, connected lan2, got back on the network and on the internet no problem... still can't ping... and I am using another LAN card.... haha, this is getting interesting...

BTW, thanx for the help so far guys....
0
RunningGagCommented:
Are you 100% sure that you don't have any firewall rules configured to stop traffic going to or from 192.168.1.1?

When you do a traceroute, does it show anything, or does it just fail right away?
0
jerrygomezdotcomAuthor Commented:
What program do u use for traceroute.... ?

I went to the lan card, went to properties, advanced, and checked the WINDOWS FIREWALL... it is off, where else could there be firewall rules?  also, I am using symantec server antivirus... this might cause a network blockage?  ......
0
RunningGagCommented:
Yes, antivirus could cause it.  Try disabling it temporarily.  Do you have any hardware firewalls other than the routers?

Traceroute uses the Windows command prompt (Start > Run > CMD).

You can also run it from the CLI on the router (or I guess from the SDM).

http://networking.ringofsaturn.com/IP/traceroutedoc.php
0
jerrygomezdotcomAuthor Commented:
ok I am waiting a bit, to do some changes, there is heavy use on the network... don't want to disconnect people...  I also am thinking of changing the server's IP number from 192.168.1.1 to something else and see if it pings as a test etc... stay tuned...
0
RunningGagCommented:
Traceroute is just ICMP packets (like ping) so it won't cause any disruption.
0
RunningGagCommented:
Also, if you do make the IP change, and the problem remains, you can probably assume that the issue is located with the server.
0
jerrygomezdotcomAuthor Commented:
yup.... traceroute is not a valid command on my CMD prompt... i tried it... lolz
0
RunningGagCommented:
Try tracert from Windows command prompt:

IE.

C:\> tracert 4.2.2.2
0
jerrygomezdotcomAuthor Commented:
I ran it, it traces to the REMOTE VPN fine, it traces to any LAN ip on 1.1 fine.... when I do 192.168.2.150 it times out.... NOTHING, instant fail....
0
RunningGagCommented:
Yeah, at this point I'm really leaning towards something blocking it.  Try disabling the firewall and antivirus on the server and retrying.
0
jerrygomezdotcomAuthor Commented:
but it can't be a firewall, I can ping the remote VPN router no problem... This is one of those HEAD SCRATCHERS.....
0
RunningGagCommented:
It can be the server firewall restricting access to the 192.168.2.x network.  
0
jerrygomezdotcomAuthor Commented:
But there is no FIREWALL lolz.... I just disabled ANTIVIRUS and all non-essential running programs, I will reboot the server and try again.....  I have to kick end-users off the network...brb
0
jerrygomezdotcomAuthor Commented:
Ok I disabled Antivirus and nothing... it did not work.  I changed the ip of the server from 192.168.1.1 to 192.168.1.25 and I could still ping the remote VPN router but not past that.  I tried the 192.168.1.1 address on a laptop and it could ping the remote office fine... including the wan, lan, and remote computers.  So there is nothing wrong with 192.168.1.1 as an address... I also UN-INSTALLED the network cards on the server, rebooted, and they re-installed themselves.... and I re-inputted the static ip #s and still nothing...  IT DOES NOT WORK...  The only other thing I think is to disable DHCP on the server, Enable DHCP on my Main VPN router, pull an IP from the router to the server..... and see if that works....
0
RunningGagCommented:
Well, at least we've determined that its an issue with the server and not the network.

Can you try clearing the arp cache?  From the command prompt: netsh interface ip delete arpcache
0
jerrygomezdotcomAuthor Commented:
ok I did it... it said ok....now what? try pinging?

I am thinking about going to go purchase another LAN card just for testing....
0
jerrygomezdotcomAuthor Commented:
I tried pinging and it didn't work... I can't believe this... the only other option is to rebuild the server?  omg...
0
RunningGagCommented:
Can you try disabling the server's firewall?

Start>Run>firewall.cpl
0
jerrygomezdotcomAuthor Commented:
The server's firewall on the LAN?  It is and has been disabled.  Unless ur talking about another firewall??

I am using server 2003, It is well known that 2003 server is locked down to the max upon install...  I recall when I was in school that we needed to build the network via commands on the command prompt.  Sometimes we used switches and hubs that were on different ip schemes eg.. Network 1 is on 192.168.1.0 and network 2 is on 192.168.2.0 we had this all setup in a lab environment.  We would then punch in the correct lan ip's and subnets to access the certain parts of the network.  When you do a netstat -r in command prompt it brings up your network tables etc...  I think what's happening is that server 2003 has an ip of 192.168.1.1 and it is and was initially installed that way.  Whenever I ping anything on my network it works fine... But I think when I start to try to ping 192.168.2.150 it literally stops at the 2 (192.168.2...) and says... "i don't recognize this or I won't connect to this". Because I need to program this into the server or my network tables.... Am I making sense??  Does anyone understand what I'm saying?? Let me know...
0
RunningGagCommented:
The Windows firewall on the server.

Routing will be done by the routers.  Since everything else on the network can ping through the VPN, and the server can ping everywhere BUT the 192.168.2.x network, it's clear that the problem is on the server.  

If you have already disabled that firewall, you might try taking a look at the Security Configuration Wizard to see if there's anything you can open up with that.

http://www.windowsecurity.com/articles/Security-Configuration-Wizard-Windows-Server-2003-SP1.html
0

SnowWolfCommented:
What is the default gateway of the server? The Ping needs to find a way back for the reply. Also maybe setup a static route on the server..
0
jerrygomezdotcomAuthor Commented:

I discovered this in my IP tables using the netstat -r command:

IPv4 Route Table
====================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x60003 ...00 14 22 78 06 25 ...... Intel(R) PRO/1000 MT Network Con
twork Load Balancing Filter Device
====================================================================
====================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface
          0.0.0.0          0.0.0.0    192.168.1.150      192.168.1.1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1
      192.168.1.0    255.255.255.0      192.168.1.1      192.168.1.1
      192.168.1.1  255.255.255.255        127.0.0.1        127.0.0.1
    192.168.1.255  255.255.255.255      192.168.1.1      192.168.1.1
      192.168.2.0    255.255.255.0    192.168.1.254      192.168.1.1
        224.0.0.0        240.0.0.0      192.168.1.1      192.168.1.1
  255.255.255.255  255.255.255.255      192.168.1.1      192.168.1.1
Default Gateway:     192.168.1.150
====================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      192.168.2.0    255.255.255.0    192.168.1.254       1

This last part, THE PERSISTENT ROUTES, I think is what's killing me.  Apparently we had a router on this network I was not aware of.  The 192.168.1.254 is a Sonicwall they use to connect to another network down the street.  I think that explains why my server can't ping 192.168.2.175 or 192.167.2.150 at my remote end because it's not going that route.... it's trying to ping those 2 numbers on the 192.168.1.254 sonicwall instead of my CISCO 1841 on 192.168.1.150...  I am going to change the REMOTE office IPs to 192.168.3.x and then add a new route on the routing table....  That should fix it correct?  lolz, I knew it was simple, but it was WELL hidden.... no one ever told me of this Sonicwall Router at 192.168.1.254....... hahaha
0
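The route selection behind this result, as an added example that is not part of the original post: a host uses the most specific matching route, so the persistent 192.168.2.0/24 entry via 192.168.1.254 wins over the default gateway 192.168.1.150 for every remote-office address. The table rows are copied from the post above; the function names are hypothetical, and the audit helper goes one step further by listing every route that steers traffic to a gateway other than the default one.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "network gateway interface")

# "Active Routes" rows copied from the netstat -r output posted above.
ROUTE_TABLE = """\
Network Destination        Netmask          Gateway       Interface
          0.0.0.0          0.0.0.0    192.168.1.150      192.168.1.1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1
      192.168.1.0    255.255.255.0      192.168.1.1      192.168.1.1
      192.168.1.1  255.255.255.255        127.0.0.1        127.0.0.1
    192.168.1.255  255.255.255.255      192.168.1.1      192.168.1.1
      192.168.2.0    255.255.255.0    192.168.1.254      192.168.1.1
        224.0.0.0        240.0.0.0      192.168.1.1      192.168.1.1
  255.255.255.255  255.255.255.255      192.168.1.1      192.168.1.1
"""


def parse_routes(text):
    """Parse the Active Routes rows of Windows `netstat -r` / `route print`."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        try:
            network = ipaddress.ip_network(f"{fields[0]}/{fields[1]}", strict=False)
            interface = ipaddress.ip_address(fields[3])
        except ValueError:
            continue  # header, separator or other non-route line
        try:
            gateway = ipaddress.ip_address(fields[2])
        except ValueError:
            gateway = interface  # "On-link" in newer Windows output
        routes.append(Route(network, gateway, interface))
    return routes


def lookup(routes, destination):
    """Return the route a packet to `destination` takes (longest prefix wins)."""
    dest = ipaddress.ip_address(destination)
    matches = [r for r in routes if dest in r.network]
    return max(matches, key=lambda r: r.network.prefixlen, default=None)


def overriding_routes(routes):
    """Routes that send traffic to a gateway other than the default gateway."""
    default = next((r for r in routes if r.network.prefixlen == 0), None)
    if default is None:
        return []
    return [r for r in routes
            if r.network.prefixlen > 0
            and not r.gateway.is_loopback
            and r.gateway not in (default.gateway, r.interface)]


if __name__ == "__main__":
    table = parse_routes(ROUTE_TABLE)
    for target in ("192.168.1.33", "192.168.2.150", "192.168.3.10", "4.2.2.2"):
        print(f"{target:15} -> via {lookup(table, target).gateway}")
    for route in overriding_routes(table):
        print(f"overrides default gateway: {route.network} via {route.gateway}")
```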
jerrygomezdotcomAuthor Commented:
I discovered the routing tables on my own.  I do appreciate everyones help and input.  You did help me eliminate a lot of possible issues.  But for the sake of the QUESTION and PROBLEM being solved this is the correct answer.  I would hope if you ever run into this issue in your future you can remember this post and remember to run netstat -r command!! It's a God Send!!  Thanx Again GUYS!!

To add a route to the table, go to command prompt and type "route -p add 192.168.3.x mask 255.255.255.0 x.x.x.x"

x.x.x.x being your gateway or router....
0
RunningGagCommented:
...  You're kidding right?
0
jerrygomezdotcomAuthor Commented:
WT?  you told me about routing tables and NETSTAT?  
0
SnowWolfCommented:
I suggested adding a static route, which he did..
0
RunningGagCommented:
You were stuck on your VPN being the issue.  I ruled that out for you and focused the troubleshooting on your server.  And, I started troubleshooting your server.

If that doesn't deserve a sizable assist, I don't know what does.
0
jerrygomezdotcomAuthor Commented:
No problem, didn't mean to offend anyone... I'll fix it when I get home..
0
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0