PPTP VPN not routing ping back to a single server.
I have a problem with a single server not being able to ping another host over a persistent Demand Dial PPTP VPN. I have 2 remote locations set up with this and I am able to ping/map/rdp/etc. to both locations except from a single server.
My setup is as follows.
I have a Linux firewall/router as the WAN gateway on all 3 locations and RRAS set up in each location as the gateway for all internal hosts so that RRAS routes to either site. The new site is in a datacenter and has 2 ESXi hosts that house 5 VMs (1 Server 2008R2 application server, 1 W2k3 DC/RRAS, 2 Linux SAN boxes in an HA config). I am able to ping all 5 VMs and the hosts from any workstation on my LAN, BUT from the problem server I can only ping the 5 VMs. If I ping any of the 5 VMs, the pings are routed over the VPN and replies come back. If I ping one of the ESXi hosts from the problem server, it hits the RRAS gateway and the VPN tunnel IP and then never returns. If I ping the ESXi hosts from any other workstation on my LAN, I get a reply. The one glaring problem I see is that when I ping from the problem server to the ESXi host, I see blocked attempts on the WAN firewall at the datacenter for the ICMP pings going back to my main subnet. The fact that I can ping across the VPN to one host and get a reply, and ping another and it not return, is beyond odd to me.
Remote Location 1 Subnet: 192.168.10.0/24
Main Location Subnet: 192.168.0.0/24
Datacenter Subnet: 192.168.50.0/24
All have static routes set and DNS and AD are replicating and I can RDP in to all the VM machines from the main location. What would make RRAS route one ping back over the VPN and allow another ping to try and route back over the WAN with an unroutable address (192.168.0.6)?
I do have both the unpingable hosts with the RRAS server as the gateway also.
June 3rd, 2011 10:10pm
Hi John,
Thanks for posting here.
Can you verify the route table at the RRAS server of the datacenter site (192.168.50.0/24)? Please also post the "ipconfig /all" result here.
According to the description, I think there may be an incorrect interface binding of a route entry causing this issue, so that RRAS forwards the traffic whose destination is 192.168.0.0/24 or 192.168.0.6 to the Internet interface rather than the Demand Dial PPTP interface on RRAS.
Thanks.
Tiger Li
June 7th, 2011 9:40am
IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x10003 ...00 0c 29 aa f5 cf ...... Intel(R) PRO/1000 MT Network Connection
0x20004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway         Interface       Metric
0.0.0.0              0.0.0.0          192.168.50.1    192.168.50.9    10
74.223.211.46        255.255.255.255  192.168.50.1    192.168.50.9    10
127.0.0.0            255.0.0.0        127.0.0.1       127.0.0.1       1
192.168.0.0          255.255.255.0    0.0.0.0         192.168.0.53    1
192.168.0.0          255.255.255.0    192.168.50.105  192.168.0.53    1
192.168.0.53         255.255.255.255  127.0.0.1       127.0.0.1       50
192.168.0.255        255.255.255.255  192.168.0.53    192.168.0.53    50
192.168.10.0         255.255.255.0    192.168.50.105  192.168.0.53    1
192.168.50.0         255.255.255.0    192.168.50.9    192.168.50.9    10
192.168.50.9         255.255.255.255  127.0.0.1       127.0.0.1       10
192.168.50.105       255.255.255.255  192.168.0.53    192.168.0.53    1
192.168.50.109       255.255.255.255  127.0.0.1       127.0.0.1       50
192.168.50.255       255.255.255.255  192.168.50.9    192.168.50.9    10
224.0.0.0            240.0.0.0        192.168.0.53    192.168.0.53    50
224.0.0.0            240.0.0.0        192.168.50.9    192.168.50.9    10
255.255.255.255      255.255.255.255  192.168.0.53    192.168.0.53    1
255.255.255.255      255.255.255.255  192.168.50.9    192.168.50.9    1
Default Gateway: 192.168.50.1
===========================================================================
Persistent Routes:
None
Windows IP Configuration
Host Name . . . . . . . . . . . . : colodc2003
Primary Dns Suffix . . . . . . . : FSL.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : FSL.local
PPP adapter RAS Server (Dial In) Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.50.109
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-0C-29-AA-F5-CF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.50.9
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.50.1
DNS Servers . . . . . . . . . . . : 192.168.50.9
192.168.0.5
PPP adapter COLOVPN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.53
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.0.5
192.168.0.2
NetBIOS over Tcpip. . . . . . . . : Disabled
Thanks for the help. I set everything up just like I did the previous remote site where everything seems to work fine.
June 7th, 2011 4:03pm
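Added example, not part of the thread: one way to test the "wrong interface binding" hypothesis against a posted route table is to run a route lookup over its rows and see which interface a reply to 192.168.0.6 would leave through. The function names are hypothetical, the other test addresses are constructed, and route selection is modeled as longest prefix first, then lowest metric, which is a simplifying assumption.

```python
import ipaddress

# Excerpt of the "Active Routes" rows posted in the thread (host colodc2003).
ROUTE_PRINT = """\
0.0.0.0 0.0.0.0 192.168.50.1 192.168.50.9 10
192.168.0.0 255.255.255.0 0.0.0.0 192.168.0.53 1
192.168.0.0 255.255.255.0 192.168.50.105 192.168.0.53 1
192.168.10.0 255.255.255.0 192.168.50.105 192.168.0.53 1
192.168.50.0 255.255.255.0 192.168.50.9 192.168.50.9 10
192.168.50.105 255.255.255.255 192.168.0.53 192.168.0.53 1
"""

def parse_routes(text):
    """Parse 'dest mask gateway interface metric' rows; skip anything else."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}")
            routes.append({"net": net, "gateway": parts[2],
                           "iface": parts[3], "metric": int(parts[4])})
        except ValueError:
            continue  # header or separator line
    return routes

def lookup(routes, dst):
    """Assumed selection order: longest prefix, then lowest metric; ties are all returned."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r["net"]]
    if not hits:
        return []
    longest = max(r["net"].prefixlen for r in hits)
    hits = [r for r in hits if r["net"].prefixlen == longest]
    lowest = min(r["metric"] for r in hits)
    return [r for r in hits if r["metric"] == lowest]

def egress_interfaces(routes, dst):
    return sorted({r["iface"] for r in lookup(routes, dst)})

def duplicate_destinations(routes):
    """Prefixes listed more than once with different gateways."""
    seen = {}
    for r in routes:
        seen.setdefault(str(r["net"]), set()).add(r["gateway"])
    return {net: sorted(gws) for net, gws in seen.items() if len(gws) > 1}

ROUTES = parse_routes(ROUTE_PRINT)

if __name__ == "__main__":
    # 192.168.0.6 is from the thread; the other addresses are constructed.
    for dst in ("192.168.0.6", "192.168.10.20", "192.168.50.20", "203.0.113.10"):
        print(dst, "->", egress_interfaces(ROUTES, dst))
    print("duplicates:", duplicate_destinations(ROUTES))
```

For 192.168.0.6 the lookup returns both 192.168.0.0/24 entries, and both leave through 192.168.0.53, the address of the COLOVPN PPP adapter in the ipconfig output. Running the same lookup on the route table of each host along the reply path shows where traffic for 192.168.0.0/24 would fall through to a default gateway instead.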