Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

2 servers can't communicate with different subnet, while all other devices can.

Posted on 2012-04-01
7
Medium Priority
?
409 Views
Last Modified: 2012-07-30
I have 3 locations and 3 subnets, 10.0.x.x, 10.1.x.x, 10.2.x.x.  Each location has its own subnet.

I had a Cisco 1800 router in place for a point-to-point MPLS network setup to connect all 3 locations together.

I recently removed the MPLS network and replaced it with a site-to-site VPN network.

The gateway for the MPLS on the 10.1.x.x network was 10.1.0.1.  I’ve removed that device and added the VPN gateway.  The new gateway is also assigned the 10.1.0.1 address.  After establishing the VPN tunnel, all servers and PC’s are able to communicate with the 10.0.x.x network except for 10.0.0.3 (DC) and 10.0.0.5 (Time clock server).  As well, a ping from 10.0.0.3 to 10.1.0.1 is unreachable (see attached screen shot)

All PC’s and devices on 10.2.x.x can communicate perfectly with 10.0.x.x.  The VPN tunnels are configured identically so I don’t believe the problem lies with the VPN configuration.

After removing the Cisco 1800 gateways and activating the VPN gateway 2 servers will not communicate with the 10.1.0.0 subnet.  All PC’s in the 10.1.0.0 subnet can see and ping any other PC in the 10.0.0.0 subnet except for my 10.0.0.3 and 10.0.0.5.

It seems the problems lie within the servers themselves.  I am not the original network administrator so these servers were initially configured by someone else.

I’ve disable windows firewall on both 10.0.0.3 and 10.0.0.5.

Does anyone have any suggestions as to why the servers can no longer communicate with the 10.1.x.x network after replacing the gateway?
Untitled-1.jpg
0
Comment
Question by:ND02G
  • 4
  • 2
7 Comments
 
LVL 5

Expert Comment

by:ssujai
ID: 37794642
you can try a tracert and see where the communication is getting blocked

What about communication from other machines in the 10.0.x.x to 10.1.x.x . Does the ping to this network work from machines in 10.0.x.x other than the DC and time server?
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 37795013
Just a guess: maybe the windows servers defaulted to a /8 netmask, therefore not using the gateway?

Tamas
0
 

Author Comment

by:ND02G
ID: 37796453
Running a tracert command returns nothing but * * * Request timed out.

Yes, from 10.1.x.x I can ping any devices in 10.0.x.x except for 10.0.0.3 and 10.0.0.5.

The netmask has remained 255.255.255.0

I have a support call into Microsoft Server support..  Hopefully they can shed some light on this misscommunication.  I would still like to hear other suggestions from EE experts while I wait for the call back.
0
Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

 

Author Comment

by:ND02G
ID: 37797381
My firewall technition has determinined it is being cause by the DHCP server on my network.  I can't see anything setting that looks incorrect.  Any ideas?
0
 
LVL 5

Expert Comment

by:ssujai
ID: 37799386
Are you using a dhcp server to assign IPs in the 10.1.x.x network? In that case, check that the gate way of the scope is set correctly.

What is the gateway used by 10.0.0.3 and 10.0.0.5? Was this gateway also changed?

Where is the firewall situated in the network?
0
 

Accepted Solution

by:
ND02G earned 0 total points
ID: 38224681
My DHCP server had a static route assigned for ONLY the MPLS routers.  After removing it my site to site VPN connections could view each other and transmit DHCP info correctly

I was forced to phone Microsoft Support.. Their technician figured it out for me.
0
 

Author Closing Comment

by:ND02G
ID: 38237233
Microsoft Support fixed this problem for me.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we’ll look at how to deploy ProxySQL.
How does someone stay on the right and legal side of the hacking world?
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question