Solved

2 servers can't communicate with different subnet, while all other devices can.

Posted on 2012-04-01
7
405 Views
Last Modified: 2012-07-30
I have 3 locations and 3 subnets, 10.0.x.x, 10.1.x.x, 10.2.x.x.  Each location has its own subnet.

I had a Cisco 1800 router in place for a point-to-point MPLS network setup to connect all 3 locations together.

I recently removed the MPLS network and replaced it with a site-to-site VPN network.

The gateway for the MPLS on the 10.1.x.x network was 10.1.0.1.  I’ve removed that device and added the VPN gateway.  The new gateway is also assigned the 10.1.0.1 address.  After establishing the VPN tunnel, all servers and PC’s are able to communicate with the 10.0.x.x network except for 10.0.0.3 (DC) and 10.0.0.5 (Time clock server).  As well, a ping from 10.0.0.3 to 10.1.0.1 is unreachable (see attached screen shot)

All PC’s and devices on 10.2.x.x can communicate perfectly with 10.0.x.x.  The VPN tunnels are configured identically so I don’t believe the problem lies with the VPN configuration.

After removing the Cisco 1800 gateways and activating the VPN gateway 2 servers will not communicate with the 10.1.0.0 subnet.  All PC’s in the 10.1.0.0 subnet can see and ping any other PC in the 10.0.0.0 subnet except for my 10.0.0.3 and 10.0.0.5.

It seems the problems lie within the servers themselves.  I am not the original network administrator so these servers were initially configured by someone else.

I’ve disable windows firewall on both 10.0.0.3 and 10.0.0.5.

Does anyone have any suggestions as to why the servers can no longer communicate with the 10.1.x.x network after replacing the gateway?
Untitled-1.jpg
0
Comment
Question by:ND02G
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 5

Expert Comment

by:ssujai
ID: 37794642
you can try a tracert and see where the communication is getting blocked

What about communication from other machines in the 10.0.x.x to 10.1.x.x . Does the ping to this network work from machines in 10.0.x.x other than the DC and time server?
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 37795013
Just a guess: maybe the windows servers defaulted to a /8 netmask, therefore not using the gateway?

Tamas
0
 

Author Comment

by:ND02G
ID: 37796453
Running a tracert command returns nothing but * * * Request timed out.

Yes, from 10.1.x.x I can ping any devices in 10.0.x.x except for 10.0.0.3 and 10.0.0.5.

The netmask has remained 255.255.255.0

I have a support call into Microsoft Server support..  Hopefully they can shed some light on this misscommunication.  I would still like to hear other suggestions from EE experts while I wait for the call back.
0
Get proactive database performance tuning online

At Percona’s web store you can order full Percona Database Performance Audit in minutes. Find out the health of your database, and how to improve it. Pay online with a credit card. Improve your database performance now!

 

Author Comment

by:ND02G
ID: 37797381
My firewall technition has determinined it is being cause by the DHCP server on my network.  I can't see anything setting that looks incorrect.  Any ideas?
0
 
LVL 5

Expert Comment

by:ssujai
ID: 37799386
Are you using a dhcp server to assign IPs in the 10.1.x.x network? In that case, check that the gate way of the scope is set correctly.

What is the gateway used by 10.0.0.3 and 10.0.0.5? Was this gateway also changed?

Where is the firewall situated in the network?
0
 

Accepted Solution

by:
ND02G earned 0 total points
ID: 38224681
My DHCP server had a static route assigned for ONLY the MPLS routers.  After removing it my site to site VPN connections could view each other and transmit DHCP info correctly

I was forced to phone Microsoft Support.. Their technician figured it out for me.
0
 

Author Closing Comment

by:ND02G
ID: 38237233
Microsoft Support fixed this problem for me.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn about cloud computing and its benefits for small business owners.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question