Remote server can ping but clients cannot

I have created a site to site VPN. The remote server is connected to the main server and can ping it.
However the clients local to the remote server cannot ping the main site server.

This must be a configuration issue that i have missed. does anyone have any ideas?
amgrobinsAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

amgrobinsAuthor Commented:
MAIN SITE:
192.168.1.0


REMOTE SITE:
192.168.0.0
Ernie BeekExpertCommented:
Is the device that sets up the site2site the same as the default gateway for the network? If not, the clients should get a router for the remote network through that device.
amgrobinsAuthor Commented:
At the main site it is an SBS 2003 Standard
Remote site is Server 2008 R2.

Do you mean on the remote site clients - is the server 2008 r2 the gateway?
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

SyedJanCommented:
what are using for site to site VPN connectivity? any software or any hardware devices. The problem seems that is there is routing problem from one site to another,

amgrobinsAuthor Commented:
windows server demand dial router but like i said the remote site can ping the main site when the vpn is connected.
Ernie BeekExpertCommented:
So you set up the vpn from server to server?

If the server is the default gateway for the clients it must allow routing through the vpn for the clients.
If the server isn't the default gateway the clients must get a route to the remote network with the server as the gateway.
amgrobinsAuthor Commented:
OK I think the problem is my remote clients are using the remote router as there gateway at the moment instead of the remote server.
If i change the gateway to the remote server do I need to do anything else on the remote server.
I already have a static route to 192.168.1.1 setup, hence the remote server can ping the main server.
Ernie BeekExpertCommented:
You don't have to change the gateway, you could just add a route (through DHCP):

Route add 192.168.1.0 mask 255.255.255.0 x.x.x.x (ip address of the server)
shubhanshu_jaiswalCommented:
Paste config of the both the device and network diagram...
amgrobinsAuthor Commented:
Remote Server - ipconfig /All
ipconfig_all_remote_server

Remote Desktop - ipconfig /All
ipconfig_all_remote_desktop
amgrobinsAuthor Commented:
Remote ip setup is as follows:

192.168.0.2  -  local server
192.168.0.3  -  VPN Router / DSL connection
Ernie BeekExpertCommented:
So try adding a route on a remote desktop pc:
route add 192.168.1.0 mask 255.255.255.0 192.168.0.2
and see how that works.
amgrobinsAuthor Commented:
no joy. attached is the command to add the route, a ping test and then a copy of the remote desktop route table.
 netstat
amgrobinsAuthor Commented:
i see that 192.168.1.0 was added twice with two different gateways. I removed both and re-added one with gateway 192.168.0.2 but it still failed to ping.
amgrobinsAuthor Commented:
I was messing around with the routes on the remote server and now I cant even ping the main server from there.
Here is my netstat for the remote server.
Any help much appreciated.

 netstat server
amgrobinsAuthor Commented:
after disconnecting the VPN connection the main site and reconnecting it the route table changed to the following:

 new netstat - remote server
amgrobinsAuthor Commented:
Anyone?
SyedJanCommented:
Hello,
from the setting you have done very things seems fine the only problem i think is the authentication of demand dial accounts,
i had similar problem but i had that with ISA 2004 site to site VPN. the issue was demand dial up account authentication from one side.

can you confirm the demand dial up account on both Local site and remote sites.

Your remote site will have an user account for the demand dial up connection for the local site for example on remote site you have to create a user local. and at the local site you have to create a user demand dial account as  remote. for example if vpn connection tries to be connected from remote site so the remote site will use the remote account located at local or main site for authentication, this is correct as your remote site can ping but you have to check this from your local site to remote site.

let me know how you are doing if needed i can send you some screen shots
Ernie BeekExpertCommented:
Have a look at this: http://albertsiow.wordpress.com/2009/02/23/site-to-site-pptp-vpn-tunnel/

Though this is a setup for two 2003 servers it might help you to see if you overlooked something.
amgrobinsAuthor Commented:
I couldnt resolve this problem. I have instead opted to go with a hardware solution.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
amgrobinsAuthor Commented:
hardware solution
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.