Solved

2 servers can't communicate with different subnet, while all other devices can.

Posted on 2012-04-01
7
391 Views
Last Modified: 2012-07-30
I have 3 locations and 3 subnets, 10.0.x.x, 10.1.x.x, 10.2.x.x.  Each location has its own subnet.

I had a Cisco 1800 router in place for a point-to-point MPLS network setup to connect all 3 locations together.

I recently removed the MPLS network and replaced it with a site-to-site VPN network.

The gateway for the MPLS on the 10.1.x.x network was 10.1.0.1.  I’ve removed that device and added the VPN gateway.  The new gateway is also assigned the 10.1.0.1 address.  After establishing the VPN tunnel, all servers and PC’s are able to communicate with the 10.0.x.x network except for 10.0.0.3 (DC) and 10.0.0.5 (Time clock server).  As well, a ping from 10.0.0.3 to 10.1.0.1 is unreachable (see attached screen shot)

All PC’s and devices on 10.2.x.x can communicate perfectly with 10.0.x.x.  The VPN tunnels are configured identically so I don’t believe the problem lies with the VPN configuration.

After removing the Cisco 1800 gateways and activating the VPN gateway 2 servers will not communicate with the 10.1.0.0 subnet.  All PC’s in the 10.1.0.0 subnet can see and ping any other PC in the 10.0.0.0 subnet except for my 10.0.0.3 and 10.0.0.5.

It seems the problems lie within the servers themselves.  I am not the original network administrator so these servers were initially configured by someone else.

I’ve disable windows firewall on both 10.0.0.3 and 10.0.0.5.

Does anyone have any suggestions as to why the servers can no longer communicate with the 10.1.x.x network after replacing the gateway?
Untitled-1.jpg
0
Comment
Question by:ND02G
  • 4
  • 2
7 Comments
 
LVL 5

Expert Comment

by:ssujai
ID: 37794642
you can try a tracert and see where the communication is getting blocked

What about communication from other machines in the 10.0.x.x to 10.1.x.x . Does the ping to this network work from machines in 10.0.x.x other than the DC and time server?
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 37795013
Just a guess: maybe the windows servers defaulted to a /8 netmask, therefore not using the gateway?

Tamas
0
 

Author Comment

by:ND02G
ID: 37796453
Running a tracert command returns nothing but * * * Request timed out.

Yes, from 10.1.x.x I can ping any devices in 10.0.x.x except for 10.0.0.3 and 10.0.0.5.

The netmask has remained 255.255.255.0

I have a support call into Microsoft Server support..  Hopefully they can shed some light on this misscommunication.  I would still like to hear other suggestions from EE experts while I wait for the call back.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:ND02G
ID: 37797381
My firewall technition has determinined it is being cause by the DHCP server on my network.  I can't see anything setting that looks incorrect.  Any ideas?
0
 
LVL 5

Expert Comment

by:ssujai
ID: 37799386
Are you using a dhcp server to assign IPs in the 10.1.x.x network? In that case, check that the gate way of the scope is set correctly.

What is the gateway used by 10.0.0.3 and 10.0.0.5? Was this gateway also changed?

Where is the firewall situated in the network?
0
 

Accepted Solution

by:
ND02G earned 0 total points
ID: 38224681
My DHCP server had a static route assigned for ONLY the MPLS routers.  After removing it my site to site VPN connections could view each other and transmit DHCP info correctly

I was forced to phone Microsoft Support.. Their technician figured it out for me.
0
 

Author Closing Comment

by:ND02G
ID: 38237233
Microsoft Support fixed this problem for me.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now