Don't think you can be stumped, Answer this Ping Question!

[Maxm412]

Let me give you little run down of my simple setup and explain the problem.
1) I have a server running server 2000
it is configured with RRAS and is its own router.

2) I have a windows xp pro for the client.

The problem is that I can ping a number of ip address with the client. Ip's that allow pinging like yahoo.com and others.

However, I was trying to setup a citrix connection on the client but the problem is I can't even ping the citrix ip address with the client. However, I can ping the citrix ip with my server and I am able to connect on the citrix client from the server.

I believe that if I can figure out why I can not ping the citrix server IP on the client and get that corrected I should be able to connect the citrix session on the client. I just can not figure out why I would not be able to ping an ip that my server can ping, BUT CAN ping other ips.

I should have clearified a litte more with my problem.
I only mentioned the RRAS because that is where you configure your server to "ACT" as the router itself. There is actually no VPN connections taking place.

This situation is soley a single domain network, server, and client.

Also, I do have Ip routing checked off on the RRAS server properties as that was required to make it an official router for my client.

Basically, it is a question of what on my server could be stopping my client from pinging an ip that the server can ping, BUT (the big but) why can the client still ping other ips like yahoo (lmhost?) NOTE: no firewall hardware or software.


PLEASE HELP

 

[GrimDeath]

The one thing you didn't mentionw as if the server, the client, and the citrix are ont he same IP subnet or is it supposed to route through the server. The reason I ask is because I still don't even see why the server has any routing on it. My guess is though, that the citrix box is not on the internet but some different subnet that the server has no router entry for...you got some splaining to do lucy...

 

[PKearns]

Hi, this may shed some light, if you are comming across a WAN from your client to your Citrix server be aware that a network segment on the connection may have a maximum packet size that is smaller than the packet size of the communicating hosts, check out MS KB 314825

 

[Maxm412]

Thanks so much for the responses, I will check out that MS sheet as soon as I do some "splaining Ricky"...lol

Anyhow, to put in a better perspective of what I have setup, I have the following.

A simple 2 computer network, single domain. Ran by a win 2000 server that has RRAS installed and configured solee for the purpose of playing "router" instead of having a separate hardware router. The server is setup as a DHCP server in addition as my client is setup with DHCP enabled.

My client is a windows XP pro, and connects directly to a hub which the server is on as well. When I boot up my server will adequately hand out a IP address within a range I designated.

The citrix server is completely on the other side of town and I have to go through the internet (cable ISP) to reach it. I can't tell you alot about the citrix server because it is actually at my wife's work.

THE PROBLEM: The problem that I found was this:
THE CLIENT: can ping alot of different IP address, so that is a simple explanation that ping is enabled, and can work for the most part. Yes, I am aware that certain sites and servers have ICMP setup to not allow echos on pings. Finally, the client however, can not ping the citrix server which to answer the question, is on a different submask.

THE SERVER: However, here comes the baffeling part. I can ping the citrix server without problem on the server (2000 server). I also am able to configure the citrix client on the server and it will make a connection to the citrix server. Unlike the server though, the client can't ping the citrix server and in addition I am not able to configure the citrix client to connect. I am assuming, that because of the lack of being able to ping the citrix ip with the client is probably (but not necessarily) the answer to why the client is not able to connect to the citrix server either. The biggest knock back is that I would halfway understand whats going on if I couldn't ping with the windows xp client AT ALL. But, I can ping alot of ip's. Then all of a sudden, I am not able to ping this one ip that is to a citrix server, while my server can. So, its like certain submask, or something that is filtering the ability to ping certain ips.

I hope this explains the issue here a little better. Any chance of helping me with some things I can look at that might be causing this????

 

[ricpinto]

Can you check if the client got some kind of software firewall enabled(XP built in firewall, zonealarm, sygate, etc) and this citrix ip is blocked. Check also TCP/IP filtering.

 

[DG659]

try doing a tracert to the citrix IP least youll know how far it goes before failing could be the TTL .

 

[Maxm412]

I did a traceroute on the client and here is what it comes up with:
*********************

Tracing route to h-68-166-112-230.phlapafg.covad.net [68.166.112.230]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 10.0.0.1
2 * * * Request timed out.
3 10 ms 9 ms 14 ms 12.244.28.65
4 20 ms 22 ms 16 ms 12.244.72.70
5 19 ms 19 ms 22 ms tbr1-p012401.phlpa.ip.att.net [12.123.137.45]
6 20 ms 19 ms 22 ms tbr1-cl8.n54ny.ip.att.net [12.122.2.17]
7 23 ms 49 ms 19 ms 12.123.3.105
8 19 ms 33 ms 18 ms so-1-0-0.edge1.newyork1.level3.net [4.68.127.5]

9 26 ms 19 ms 21 ms ge-2-1-0.bbr2.newyork1.level3.net [64.159.4.149]

10 21 ms 21 ms 22 ms so-0-1-0.mp1.philadelphia1.level3.net [64.159.0.
141]
11 51 ms 24 ms 22 ms ge-11-0.hsa1.philadelphia1.level3.net [64.159.0.
146]
12 21 ms 24 ms 21 ms unknown.level3.net [63.208.96.14]
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * *

 

[DG659]

it looks very like a firewall issue, tho time out on second hop(i guess thats your router) looks strange have you tried setting a DMZ for the client IP on the router?

is it a mac authenticated cirtix server ?

is your set up something like this
Router (192.168.1.1)

|
|
|
server nic1(192.168.1.2)
RRAS
server nic2(192.168.2.1)
|
|
|
client (192.168.2.2)

 

[Maxm412]

Yes, that is a pretty fair assumption on my setup.

It is is like this:

cable connection
|
|
service nic 1
|
RRAS
|
Server nic 2
|
HUB
|
|
XP client


And to be honest about the citrix being a mac authenticated
server, I couldn't say since I have nothing to do with the server or have access to find out.. Well if it truely was needed to be known I could find out someway.

 

[DG659]

i was thinking if your server can access the Citrix it could be the clients Mac address is not on the include list so its packets are being discarded.

 

[netometer]

Hi!
I tried to ping 68.166.112.230 and it did not respond.
Have you tried to connect the XP machine directly to the Router?

NetoMeter

http://www.netometer.net

 

[EddieVenus]

Can you ping in the other direction? (from the "citrix' tot he "client")

This looks like a common instance of poor routing design. I hear what eveyone is saying, and knowing that there is no firewall, and that the "server" can see the "citrix" and the "client" can see the "server", it would either be a firewall/ACL issue or a routing issue. My guess is that the packets are going where they are supposed to go, only they are not coming back like you intended. The "citrix" machine does not know how to route the packet back to the "client". Thus those packets are most likely going to the default gateway of the Citrix machine. This will of course give you the problems you discribed.

Try adding a static route to the "citrix" device that tells it to look to the "server" as the gateway to the "client" This should fix this problem. The other option is to make the "server" the default gateway for the "citrix" device. This may not be feasible for other reasons, but it is an option.

This only is the case if the "client" and "server" are not on the same subnet.

If they are on the same subnet, then that would lead me to believe that the Citrix device is off site. If that is true, then it could be a firewall issue on the the Citrix end.

 

[EddieVenus]

Any news on this? Did you ever get it working?