Windows 2003 to Windows 2012 VPN connection, can browse and ping one direction

OK so here is my setup... I have two Windows 2003 servers in one physical environment, and one Windows 2012 server in another physical location.

Location 1:

Galactus is the RRAS/VPN Server
Magneto is a member 2003 Server

Location 2:

HYPERV is the Windows 2012 R2 server.

I have successfully connected the two sites with VPN, and joined HYPERV to the Windows domain.  From HYPERV, I can browse the remote network, ping the remote network, copy files, etc.

From GALACTUS, I can ping HYPERV, I can browse it, copy files, etc.

From MAGNETO, I CANNOT ping, browse, or copy to HYPERV.

Location 1 physical network:
192.168.1.x subnet, gateway (which is our router)

Location 2 physical network:
192.168.1.x subnet, gateway (which is our router)

Location 1 IP addresses:

Location 2 IP Address:

When I dial in with the VPN, GALACTUS takes a second address of, which I also CANNOT ping from Magneto.
HYPERV takes a second address of, which I also CANNOT ping from Magneto.

I have blacked out the public files, but attached are the screenshots of ROUTE PRINT, as well as IPCONFIG /ALL.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tomas ValentaIT ManagerCommented:
you have two separated networks with the same IP subnet. It is not common.  A quick workaround could be static host route - in Magneto routing table add static route for HYPERV and gateway is GALACTUS. But the right solution is to make HYPERV subnet different - 192.168.2.x and then add static route in your router directed this network to the GALACTUS.
FutureTechSysDOTcomAuthor Commented:
I tried the static host route as follows previously:

route add mask
route add mask

Neither worked.

Would I change the subnet on HYPERV at the VPN level, or the actual IP level?
Tomas ValentaIT ManagerCommented:
MAGNETO - route add MASK
routing must be enabled in RRAS (but it is not routing but bridging)
on other side - HYPERV - must be route back to the GALACTUS - route add MASK (really is on both VPN endpoint the same IP addresses ?
for testing run tracert -d hyperV from GALACTUS command to be sure the traffic
is routed to the MAGNETO and not to the router
but really I recommend to change the network on HYPERV side
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

FutureTechSysDOTcomAuthor Commented:
OK, let's assume I change the network on the HYPERV side - am I changing the LAN address to 192.168.2.x, or am I changing the VPN assigned address to 192.168.2.x?
Tomas ValentaIT ManagerCommented:
the LAN 2 must be different network so LAN address of the HYPERV must be
then you add static route to your router (network to gateway
and on other side the router with IP you must change to and add route to gateway RRAS must be configured for routing.
FutureTechSysDOTcomAuthor Commented:
HYPERV is on a LAN with a router of
The primary location's LAN has a router of

If I change HYPERV's LAN to 192.168.2.x, would I leave the VPN addresses as 192.168.1.x?
Tomas ValentaIT ManagerCommented:
the IP must be from the local subnet so HYPERV's IP in 2.x
FutureTechSysDOTcomAuthor Commented:
This is my router on the HYPERV side... is this where you would suggest adding the route?
Tomas ValentaIT ManagerCommented:
it could be visible in the attached picture (I hope..). The best practise is to have one default router in the network and here all networks routes. SO use your routers and add here the routes to the second network.
FutureTechSysDOTcomAuthor Commented:
Sorry file didn't attach first time
Tomas ValentaIT ManagerCommented:
and my picture describes right your network configuration ? In red are changes.
In your picture is important information - there is tab EoIP Tunell. Do you have the same equipment on both sites ?
If yes you can do VPN tunnel by these routers. Always must be on both sites different subnets.
FutureTechSysDOTcomAuthor Commented:
I have DD-WRT firmware on my home office router, and a sonicwall VPN.  This is a short term setup, so doing it via software tunnel is fine for now, as its just this one machine that I need to be able to talk to the remote network.

Your picture I think has the changes, but I'm afraid when it comes to routing I need it a little "dumber" for me :)
Tomas ValentaIT ManagerCommented:
do not worry. I will decribe it step by step:
1) Location 2 - changing of IP addresses - do it on-site because after change you lose connection
 - change the address of your router from to
 - add static route to your router (based on your picture)
    - route name = Location1
    - destination LAN NET=
    - subnet mask =
    - gateway =
    - interface = LAN
 - change the LAN IP address of HYPERV to, also change the IP of the VPN interface to 192.168.2.x

2) Location 1
  - add static route to your router - route to mask gateway (GALACTUS)
 - in RRAS configuration should be configuration part where you write what network is on other site - please check it
 - MAGNETO will have only route to the default gateway -

For testing use from command prompt (Start and run cmd.exe) and utility tracert
- from GALACTUS try connect to the HYPERV
- from MAGNETO try tracert -d - the result must be the traffic is routed to the and then to the, next hop then
Tell me the result. please.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
FutureTechSysDOTcomAuthor Commented:
For a little clarification on the above - the IP of the VPN interface is set by GALACTUS, on the RRAS server.  Is that where I would change that portion of it?
Tomas ValentaIT ManagerCommented:
I checked on my testing Windows 2003 server the configuration of site to site VPN tunnel and on GALACTUS RRAS config you are assigning only IP for remote client and this mean use the IP address from the network 192.168.1.x.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.