cann't ping static ip but can connect to server?

[lenny109]

Hi,

I am having a bit of trouble setting up a VPN and the latest problem is I can connect through the VPN to the server but am unable to view any of the files on the server. I also can not ping the static IP address. All firewalls are turned off.

When I am connected I can ping the ip address given from ipconfig which is 10.0.0.5

The actual internal ip of the server is 10.0.0.6

 

[ChicagoTechNet]

quoted from

http://www.chicagotech.net/

Can't access the remote network from VPN clients

Symptoms: Your VPN client can ping/access the server but not other computers in the remote network.

Resolutions: 1) if you have two NICs in the VPN server, you may need to enable IP Routing. To do this, go to the RRAS>the Properties of the server>IP, check IP Routing.
2) Make sure you don't uncheck Use the remote default gateway on VPN client's VPN connection.
3) Make sure VPN client's LAN and the remote LAN are using the different same IP range and subnet.
4) Use routing table to troubleshooting.


Robert Lin, MS-MVP, MCSE & CNE
Windows, Network and How to at

http://www.ChicagoTech.net

 

[TekConsult]

ChicagoNet:

I have a similar problem, so thanks for your answers. But I have only one NIC in the VPN server. So what do you think could be the problem? Can you elaborate on Step 4, please?

Thanks

 

[ChicagoTechNet]

post the routing table by using route print command.

Robert Lin, MS-MVP, MCSE & CNE
Windows, Network and How to at

http://www.ChicagoTech.net

 

[TekConsult]

Mr. Lin/ChicagoNet:

Here is what I get from ipconfig/all and route print done at my remote VPN client. Hope it is readable..I have changed the static ip to 66.x.x.x for security.

Thanks for your help.

----------------

ipconfig/all:


Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.1.19
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 10.10.1.19
DNS Servers . . . . . . . . . . . :
Primary WINS Server . . . . . . . : 10.10.1.2

Route print:

Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.10.1.19 10.10.1.19 1
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.4 2
10.10.1.19 255.255.255.255 127.0.0.1 127.0.0.1 1
10.255.255.255 255.255.255.255 10.10.1.19 10.10.1.19 1
66.0.0.0 255.0.0.0 192.168.0.1 192.168.0.4 2
[static ip 66.x.x.x] 255.255.255.255 192.168.0.1 192.168.0.4 2
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.4 192.168.0.4 1
192.168.0.4 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.0.255 255.255.255.255 192.168.0.4 192.168.0.4 1
224.0.0.0 224.0.0.0 10.10.1.19 10.10.1.19 1
224.0.0.0 224.0.0.0 192.168.0.4 192.168.0.4 1
255.255.255.255 255.255.255.255 192.168.0.4 192.168.0.4 1
Default Gateway: 10.10.1.19

 

[John Lewis]

Your output, reformatted a bit to be more readable. For future reference, you can get this formatting by enclosing the information in a [ignore][tt] tag like this: [tt] your output [/tt][/ignore]
[tt]
ipconfig/all:


Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.1.19
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 10.10.1.19
DNS Servers . . . . . . . . . . . :
Primary WINS Server . . . . . . . : 10.10.1.2

Route print:

Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.10.1.19 10.10.1.19 1
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.4 2
10.10.1.19 255.255.255.255 127.0.0.1 127.0.0.1 1
10.255.255.255 255.255.255.255 10.10.1.19 10.10.1.19 1
66.0.0.0 255.0.0.0 192.168.0.1 192.168.0.4 2
66.x.x.x 255.255.255.255 192.168.0.1 192.168.0.4 2
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.4 192.168.0.4 1
192.168.0.4 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.0.255 255.255.255.255 192.168.0.4 192.168.0.4 1
224.0.0.0 224.0.0.0 10.10.1.19 10.10.1.19 1
224.0.0.0 224.0.0.0 192.168.0.4 192.168.0.4 1
255.255.255.255 255.255.255.255 192.168.0.4 192.168.0.4 1
Default Gateway: 10.10.1.19
[/tt]

Your routing table looks ok to me, you have selected to route all of your traffic, including internet, across the VPN (the default gateway option on the connection). I usually don't, but it should work.

What kind of response are you getting to your pings? Obviously not a response, but are you seeing a timeout, no route to host, connection refused, etc.

Reviewing your other posts, looks like you are using XP as a VPN server. Couple of things come to mind that might cause the problem there.

IP forwarding needs to be enabled there for you to get to anything other than the VPN server IP, as you are describing. See

http://support.microsoft.com/default.aspx?scid=kb;en-us;315236

The XP ICF (firewall) could cause some problems, although I would not expect you to reach even the VPN server IP if that were the case. Still worth checking if the forwarding issue doesn't help. Also, other firewall software can do stupid things, sometimes installed with AV software without asking/telling, so you may want to check that as well.

 

[John Lewis]

Also, note that . .

1) You do have to enable IP forwarding even if you have only one network card. The VPN connection create a virtual interface, which acts like a second (or third) network card.

2) The RRAS setting mentioned above works in many cases, it basically sets the registry entry mentioned in the KB article automatically. In some configurations, other settings can cause the entry to be reset back to the default after it is enabled, so it doesn't work. Editing the registry manually always works. If in doubt, look to see if the key is there and set properly.

3) The 'use default gateway on remote network' option will not cause you to be unable to browse the server side network. It may cause you to lose connectivity to the internet at large. At the very least, it will cause all of your internet traffic to go across the VPN and out across the internet connection there, which uses a lot of bandwidth. I don't reccomend it, but it should not cause the particular problem being described.

 

[TekConsult]

mhkwood:

Thank you very much for reformatting and giving me your input. I am sorry that I forgot to mention that my VPN client is Win2K Professional. Server is Win2K Advanced server.

I am not sure if there is an IP forwarding feature even in Win2K. I will check it again and let you know.

 

[TekConsult]

By the way, mhkwood, I get timed out during ping.

 

[John Lewis]

IP forwarding is available in all recent Windows releases and the registry entry is the same for XP and 2K, just pulled the wrong KB. See

http://support.microsoft.com/default.aspx?scid=kb;en-us;230082

(or click the link in the other article for the 'W2K version of this article')

 

[TekConsult]

mkhwood:

I manually set the registry setting for IP forwarding. But it still doesn't help. I have enabled pinging in the hardware firewall..so don't think the firewall is the problem. I don't think NetBEUI has anything to do with pinging..but do you think installing NetBEUI on the server might help?

Also, I have doubt about the way the pinging works..Say we are pinging the LAN address of the router..The VPN tunnel initially goes through the router to the VPN server. So does pinging the router involve IP forwarding from the VPN server? (It would seem to be going through the router past it and then coming back into the router to get the packet response..?)

 

[TekConsult]

mhkwood, Lin:

When I reinstalled the RRAS with the IP routing correctly enabled, I can ping and access the other PC's on the LAN. I guess earlier it was all done piece by piece and some settings were not effective.
Thanks very much for your help, mhkwood and Lin.

 

[TekConsult]

mhkwood and Lin:

Now I have another problem with the browsing. You know that my client is Win2K professional..so I can't run a WINS service on this side. I enabled NetBEUI on the server and checked on the VPN client connection..but I get an error msg 733, saying it cannot negotiate the NetBEUI.

I sometimes see all LAN resources on the VPN under my Netwrok Places..but other times I can't..I have enabled NetBios on My firewall.

Do you think fixing this NetBEUI issue will solve this problem or do I need to put an LMHOSTS file on my client?
or Is there a way to run WINS on Win2K Pro?

The problem is I use DHCP..so LMHOSTS won't be stable.
Thanks in advance for your help

 

[John Lewis]

If you install/enable NetBEUI on one side of the VPN, you also need to do so on the other. In order to use it, you would need to use it on the server side as well. Not the answer, though, I don't think.

Start with the basics . . . are file and printer sharing for MS networks and client for MS networks both installed/checked on the client side of the connection? As odd as it sounds, you may also need to share at least one resource on the client side, even if you don't need to access it across the net. Give it a try at that point, sometimes that's all it takes.

Next step would be to install WINS server on the VPN server and set WINS setting on the client connection to use that server. If you are running exchange server there as well, skip that, you will need to do something else. WINS and exchange don't like to play on the same box.