Solved

Remote server can ping but clients cannot

Posted on 2011-03-09
21
666 Views
Last Modified: 2012-06-27
I have created a site to site VPN. The remote server is connected to the main server and can ping it.
However the clients local to the remote server cannot ping the main site server.

This must be a configuration issue that i have missed. does anyone have any ideas?
0
Comment
Question by:amgrobins
  • 13
  • 5
  • 2
  • +1
21 Comments
 

Author Comment

by:amgrobins
ID: 35081668
MAIN SITE:
192.168.1.0


REMOTE SITE:
192.168.0.0
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35081715
Is the device that sets up the site2site the same as the default gateway for the network? If not, the clients should get a router for the remote network through that device.
0
 

Author Comment

by:amgrobins
ID: 35081758
At the main site it is an SBS 2003 Standard
Remote site is Server 2008 R2.

Do you mean on the remote site clients - is the server 2008 r2 the gateway?
0
Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

 
LVL 2

Expert Comment

by:SyedJan
ID: 35081814
what are using for site to site VPN connectivity? any software or any hardware devices. The problem seems that is there is routing problem from one site to another,

0
 

Author Comment

by:amgrobins
ID: 35081828
windows server demand dial router but like i said the remote site can ping the main site when the vpn is connected.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35081836
So you set up the vpn from server to server?

If the server is the default gateway for the clients it must allow routing through the vpn for the clients.
If the server isn't the default gateway the clients must get a route to the remote network with the server as the gateway.
0
 

Author Comment

by:amgrobins
ID: 35081852
OK I think the problem is my remote clients are using the remote router as there gateway at the moment instead of the remote server.
If i change the gateway to the remote server do I need to do anything else on the remote server.
I already have a static route to 192.168.1.1 setup, hence the remote server can ping the main server.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35081870
You don't have to change the gateway, you could just add a route (through DHCP):

Route add 192.168.1.0 mask 255.255.255.0 x.x.x.x (ip address of the server)
0
 
LVL 5

Expert Comment

by:shubhanshu_jaiswal
ID: 35082061
Paste config of the both the device and network diagram...
0
 

Author Comment

by:amgrobins
ID: 35083311
Remote Server - ipconfig /All
ipconfig_all_remote_server

Remote Desktop - ipconfig /All
ipconfig_all_remote_desktop
0
 

Author Comment

by:amgrobins
ID: 35083339
Remote ip setup is as follows:

192.168.0.2  -  local server
192.168.0.3  -  VPN Router / DSL connection
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35083368
So try adding a route on a remote desktop pc:
route add 192.168.1.0 mask 255.255.255.0 192.168.0.2
and see how that works.
0
 

Author Comment

by:amgrobins
ID: 35083397
no joy. attached is the command to add the route, a ping test and then a copy of the remote desktop route table.
 netstat
0
 

Author Comment

by:amgrobins
ID: 35083442
i see that 192.168.1.0 was added twice with two different gateways. I removed both and re-added one with gateway 192.168.0.2 but it still failed to ping.
0
 

Author Comment

by:amgrobins
ID: 35083680
I was messing around with the routes on the remote server and now I cant even ping the main server from there.
Here is my netstat for the remote server.
Any help much appreciated.

 netstat server
0
 

Author Comment

by:amgrobins
ID: 35083715
after disconnecting the VPN connection the main site and reconnecting it the route table changed to the following:

 new netstat - remote server
0
 

Author Comment

by:amgrobins
ID: 35085291
Anyone?
0
 
LVL 2

Expert Comment

by:SyedJan
ID: 35090792
Hello,
from the setting you have done very things seems fine the only problem i think is the authentication of demand dial accounts,
i had similar problem but i had that with ISA 2004 site to site VPN. the issue was demand dial up account authentication from one side.

can you confirm the demand dial up account on both Local site and remote sites.

Your remote site will have an user account for the demand dial up connection for the local site for example on remote site you have to create a user local. and at the local site you have to create a user demand dial account as  remote. for example if vpn connection tries to be connected from remote site so the remote site will use the remote account located at local or main site for authentication, this is correct as your remote site can ping but you have to check this from your local site to remote site.

let me know how you are doing if needed i can send you some screen shots
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35092821
Have a look at this: http://albertsiow.wordpress.com/2009/02/23/site-to-site-pptp-vpn-tunnel/

Though this is a setup for two 2003 servers it might help you to see if you overlooked something.
0
 

Accepted Solution

by:
amgrobins earned 0 total points
ID: 35214043
I couldnt resolve this problem. I have instead opted to go with a hardware solution.
0
 

Author Closing Comment

by:amgrobins
ID: 35252666
hardware solution
0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
DNS entry for intranet 1 35
PHP website on Linux - server DNS address could not be found. 18 83
Separate DNS forwarding 2 43
Sonicwall VPN and DHCP Setup 10 61
Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question