
VPN ping problems (subnet?)

Status
Not open for further replies.

smeyer56

IS-IT--Management
Oct 16, 2002
206
US
Sorry if this is a simple question.
I have 3 local computers and 1 remote.
Local server 1:
ip: 192.168.100.100
sub:255.255.255.0

Local server 2:
ip: 192.168.100.101
sub:255.255.0.0

local desktop:
ip: 192.168.100.98
sub:255.255.255.0

remote desktop:
ip: 192.168.123.20
sub:255.255.0.0 or 255.255.255.0 have tried both

All local computers communicate and ping fine, even though the one server is on a different subnet. The remote desktop connects over a VPN, and I can ping Server 1 and local desktop fine when sub is .0; I cannot ping server 2. If I change the sub to .0.0, I cannot ping anything. I need to be able to connect the remote to server 2.

Any ideas?



 
To rephrase your IP scheme:
Server 1 can communicate with the addresses 192.168.100.*
Server 2 can communicate with the addresses 192.168.*.*
Local pc can communicate with the addresses 192.168.100.*

With a mask of 255.255.255.0 (/24), the remote pc can communicate with the addresses 192.168.123.* . The problem is that none of the other machines are in that address range.

With a mask of 255.255.0.0 (/16), the remote pc can communicate with the addresses 192.168.*.* . This will allow comm to server 2, but since the other server and pc can only comm to 192.168.100.*, they will ignore any traffic from 192.168.123.20.

To fix this, either bring the remote pc into the 192.168.100.* address range or set all subnet masks to 255.255.0.0 (/16).

hth.
 
By the way, ping is independent of the subnet and is not filtered by it. I can ping Google or Microsoft, and they're certainly not on my subnet!
 
This is probably a simple routing question. Because the subnet mask of Server 1 and Local Desktop are 192.168.100.0/24, when a packet arrives from 192.168.123.20 (not in their local subnet) they query their default gateway to route the response packet to the proper destination.

Because the subnet mask of Server 2 is 192.168.0.0/16 the packets from 192.168.123.20 are on the local subnet. So Server 2 queries 192.168.123.20 for its MAC address. Since it is not really on the local subnet, but routed from another location, it never responds. Server 2 gives up and never responds.

As a general rule, all machines in the same subnet should have the same subnet mask. If they don't, you need a very good reason for the difference (I can't think of a single one offhand, but maybe there is). The subnet mask was probably changed to allow more than 1 subnet to speak to Server 2, but that is better handled by using a secondary IP address on the existing interface, or adding a second interface, or routing packets from the other subnet(s).


pansophic
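The on-link versus gateway decision described in the post above, worked through for the thread's four hosts as an added example (not part of any poster's reply). The `segment` labels and the rule that gateway-bound traffic is always routed correctly are assumptions of this sketch.

```python
import ipaddress

# Addresses and masks as listed in the thread's first post. The "segment"
# field is an assumption of this example: which hosts share a physical LAN.
HOSTS = {
    "server1":        ("192.168.100.100", "255.255.255.0", "lan"),
    "server2":        ("192.168.100.101", "255.255.0.0",   "lan"),
    "local_desktop":  ("192.168.100.98",  "255.255.255.0", "lan"),
    "remote_desktop": ("192.168.123.20",  "255.255.255.0", "vpn"),
}

def next_hop(src, dst, hosts):
    """Return 'on-link' if src's own mask places dst in src's connected
    network (src ARPs for dst directly), otherwise 'gateway'."""
    src_ip, src_mask, _ = hosts[src]
    network = ipaddress.ip_interface(f"{src_ip}/{src_mask}").network
    return "on-link" if ipaddress.ip_address(hosts[dst][0]) in network else "gateway"

def deliverable(src, dst, hosts):
    """An on-link decision only works when dst really shares src's segment;
    a gateway decision is assumed to be routed correctly."""
    if next_hop(src, dst, hosts) == "gateway":
        return True
    return hosts[src][2] == hosts[dst][2]

def ping_works(a, b, hosts):
    """Echo request and echo reply must both be deliverable."""
    return deliverable(a, b, hosts) and deliverable(b, a, hosts)

def with_mask(hosts, name, mask):
    """Copy of hosts with one host's mask replaced."""
    ip, _, segment = hosts[name]
    return {**hosts, name: (ip, mask, segment)}

def report(hosts):
    for peer in ("server1", "server2", "local_desktop"):
        print(f"remote_desktop -> {peer}: "
              f"request {next_hop('remote_desktop', peer, hosts)}, "
              f"reply {next_hop(peer, 'remote_desktop', hosts)}, "
              f"ping {'ok' if ping_works('remote_desktop', peer, hosts) else 'FAILS'}")

if __name__ == "__main__":
    print("remote mask 255.255.255.0"); report(HOSTS)
    print("remote mask 255.255.0.0"); report(with_mask(HOSTS, "remote_desktop", "255.255.0.0"))
    print("server2 mask corrected to 255.255.255.0")
    report(with_mask(HOSTS, "server2", "255.255.255.0"))
```

The model uses only each host's connected network and default gateway; a more specific static route on a host would override the decision and is not modelled here.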
 
Thanks for the response,

The problem is that I cannot ping server 2 at either subnet from the remote location. I will try changing the IP on the remote to 192.168.100.20
 
Changing the subnet will not affect ping. You have other problems.
 
You need to change the subnet mask of Server 2. Unfortunately without knowing why it was set that way, there is no way to tell what else might break.


pansophic
 
Another solution that may break less than changing server 2 is to change the remote PC to:
10.0.0.20
255.255.255.0
This will require you to change its default gateway to 10.0.0.x

I tried to remain child-like, all I achieved was childish.
 
I guess I made the assumption that the VPN's scope and routing were already fixed and a 10.0.0.x address would never route over the VPN. If that isn't the case, then getting the remote computer out of the subnet space of Server 2 will force Server 2 to send its response packets to the gateway.


pansophic
 
It will vary by site, but for my VPNs, changing the subnet of a couple remote PCs is far less risky than changing the netmask of a company server. (Although, I think we all suspect it is wrong)

I tried to remain child-like, all I achieved was childish.
 

I figured out why the subnet was wrong on the server and I can change it without breaking a lot. But I have to wait until late at night to change it. I did add a route to that server and I can access it easily.

Thanks!
 