Solved

2 servers can't communicate with different subnet, while all other devices can.

Posted on 2012-04-01
7
399 Views
Last Modified: 2012-07-30
I have 3 locations and 3 subnets, 10.0.x.x, 10.1.x.x, 10.2.x.x.  Each location has its own subnet.

I had a Cisco 1800 router in place for a point-to-point MPLS network setup to connect all 3 locations together.

I recently removed the MPLS network and replaced it with a site-to-site VPN network.

The gateway for the MPLS on the 10.1.x.x network was 10.1.0.1.  I’ve removed that device and added the VPN gateway.  The new gateway is also assigned the 10.1.0.1 address.  After establishing the VPN tunnel, all servers and PC’s are able to communicate with the 10.0.x.x network except for 10.0.0.3 (DC) and 10.0.0.5 (Time clock server).  As well, a ping from 10.0.0.3 to 10.1.0.1 is unreachable (see attached screen shot)

All PC’s and devices on 10.2.x.x can communicate perfectly with 10.0.x.x.  The VPN tunnels are configured identically so I don’t believe the problem lies with the VPN configuration.

After removing the Cisco 1800 gateways and activating the VPN gateway 2 servers will not communicate with the 10.1.0.0 subnet.  All PC’s in the 10.1.0.0 subnet can see and ping any other PC in the 10.0.0.0 subnet except for my 10.0.0.3 and 10.0.0.5.

It seems the problems lie within the servers themselves.  I am not the original network administrator so these servers were initially configured by someone else.

I’ve disable windows firewall on both 10.0.0.3 and 10.0.0.5.

Does anyone have any suggestions as to why the servers can no longer communicate with the 10.1.x.x network after replacing the gateway?
Untitled-1.jpg
0
Comment
Question by:ND02G
  • 4
  • 2
7 Comments
 
LVL 5

Expert Comment

by:ssujai
ID: 37794642
you can try a tracert and see where the communication is getting blocked

What about communication from other machines in the 10.0.x.x to 10.1.x.x . Does the ping to this network work from machines in 10.0.x.x other than the DC and time server?
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 37795013
Just a guess: maybe the windows servers defaulted to a /8 netmask, therefore not using the gateway?

Tamas
0
 

Author Comment

by:ND02G
ID: 37796453
Running a tracert command returns nothing but * * * Request timed out.

Yes, from 10.1.x.x I can ping any devices in 10.0.x.x except for 10.0.0.3 and 10.0.0.5.

The netmask has remained 255.255.255.0

I have a support call into Microsoft Server support..  Hopefully they can shed some light on this misscommunication.  I would still like to hear other suggestions from EE experts while I wait for the call back.
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 

Author Comment

by:ND02G
ID: 37797381
My firewall technition has determinined it is being cause by the DHCP server on my network.  I can't see anything setting that looks incorrect.  Any ideas?
0
 
LVL 5

Expert Comment

by:ssujai
ID: 37799386
Are you using a dhcp server to assign IPs in the 10.1.x.x network? In that case, check that the gate way of the scope is set correctly.

What is the gateway used by 10.0.0.3 and 10.0.0.5? Was this gateway also changed?

Where is the firewall situated in the network?
0
 

Accepted Solution

by:
ND02G earned 0 total points
ID: 38224681
My DHCP server had a static route assigned for ONLY the MPLS routers.  After removing it my site to site VPN connections could view each other and transmit DHCP info correctly

I was forced to phone Microsoft Support.. Their technician figured it out for me.
0
 

Author Closing Comment

by:ND02G
ID: 38237233
Microsoft Support fixed this problem for me.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question