Unable to ping internal LAN after VPN
OS: Windows Server 2008 R2 SP1
Role: RRAS
NIC: 1
Domain: No (Standalone)
Hello
I have searched around here for other users who have had similar issues as I am experiencing now, but I was unable to gather the actual resolutions to the problems and apply them to mine. So here I go.
I can successfully establish VPN connections but once the connection is established I am unable to ping anything in the internal LAN, that includes the gateway and the VPN server both by DNS or by IP.
I have noticed that once a VPN connection is established in ipconfig there is no gateway retrieved, but there is a correct IP address set on the same subnet as the router and other clients.
On the client which is connecting to the VPN server I have set the "Use default gateway on remote network" option and still no luck.
The VPN server lies behind a home router (ASUS WL600g) with all of the VPN ports (1723, 500, 1701) and presumably the other protocols such as GRE pointing to it.
The firewall is disabled on the VPN server and I am able to ping the gateway and other clients on the network from it.
As there is only one NIC do I have to configure NAT on the VPN server?
Do I have (or is it recommended) to have the VPN IP range on a different subnet?
Do I have to manually route the traffic between the two IP subnets on the router?
Regards
CountGeek
July 6th, 2011 9:48am
Hi CountGeek,
Thanks for posting here.
So can client ping RRAS’s interface after VPN tunnel was been property established ?
Could you post the “ipconfig /all” and “route print” result from both RRAS server and client here first ?
Meanwhile, you can also start troubleshooting form the articles below :
Cannot reach beyond the RRAS server from VPN clients?
http://blogs.technet.com/b/rrasblog/archive/2006/02/09/cannot-reach-beyond-the-rras-server-from-vpn-clients.aspx
VPN clients are unable to access resources beyond the VPN server.
http://technet.microsoft.com/en-us/library/cc772616(WS.10).aspx#BKMK_5
Thanks.
Tiger Li
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
July 7th, 2011 3:00am
Hello Tiger Li
Thank you for the reply.
To add to further confusion I have added another NIC to the server in hopefully making it easier to configure. What do you think?
I am pretty sure that the problem here is the routing between the two networks, and I am unsure where and how to really configure it. I somehow understand the principle, but... anyway here is some of the information which you have requested:
SERVER
C:\Users\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : WIN-2K8-DEV
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
PPP adapter RAS (Dial In) Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : RAS (Dial In) Interface
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.15.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter External:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #
2
Physical Address. . . . . . . . . : 00-0C-29-9B-62-5F
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.15.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Internal:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-0C-29-9B-62-55
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.91(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{0D57B9C8-0CFC-4D1A-B522-AF38F4655BDC}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:3009:256c:3f57:fea4(Pref
erred)
Link-local IPv6 Address . . . . . : fe80::3009:256c:3f57:fea4%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{E9A87389-062B-4D38-BCA5-C2E8807752C5}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{6E06F030-7526-11D2-BAF4-00600815A4BD}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Administrator>
C:\Users\Administrator>route print
===========================================================================
Interface List
24...........................RAS (Dial In) Interface
21...00 0c 29 9b 62 5f ......Intel(R) PRO/1000 MT Network Connection #2
11...00 0c 29 9b 62 55 ......Intel(R) PRO/1000 MT Network Connection
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.91 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.91 266
192.168.1.91 255.255.255.255 On-link 192.168.1.91 266
192.168.1.255 255.255.255.255 On-link 192.168.1.91 266
192.168.15.0 255.255.255.0 On-link 192.168.15.1 266
192.168.15.1 255.255.255.255 On-link 192.168.15.1 266
192.168.15.10 255.255.255.255 On-link 192.168.15.10 306
192.168.15.255 255.255.255.255 On-link 192.168.15.1 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.91 266
224.0.0.0 240.0.0.0 On-link 192.168.15.1 266
224.0.0.0 240.0.0.0 On-link 192.168.15.10 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.91 266
255.255.255.255 255.255.255.255 On-link 192.168.15.1 266
255.255.255.255 255.255.255.255 On-link 192.168.15.10 306
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.1 Default
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:5ef5:79fd:3009:256c:3f57:fea4/128
On-link
13 306 fe80::/64 On-link
13 306 fe80::3009:256c:3f57:fea4/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
C:\Users\Administrator>
CLIENT
C:\Users\user>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : client1
Primary Dns Suffix . . . . . . . : demo.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : demo.local
PPP adapter NKT:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NKT
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.15.15(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-21-5D-42-24-20
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.0.0.73(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.3
DNS Servers . . . . . . . . . . . : 10.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter VirtualBox Host-Only Network:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
Physical Address. . . . . . . . . : 08-00-27-00-E4-65
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IPv4 Address. . : 169.254.205.49(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{F548E8FF-2F23-4A96-A428-337A49F9A1B8}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter 6TO4 Adapter:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{BF0894E8-F3DB-4ADF-B84A-EC898D0FC144}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{C5557665-EA55-4CAB-9CEB-BB3528358696}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.10.0.0.1:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\user>
C:\Users\user>route print
===========================================================================
Interface List
15...00 21 5d 42 24 20 ......Intel(R) WiFi Link 5100 AGN
28...08 00 27 00 e4 65 ......VirtualBox Host-Only Ethernet Adapter
1...........................Software Loopback Interface 1
30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
21...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.3 10.0.0.73 26
10.0.0.0 255.255.255.0 On-link 10.0.0.73 281
10.0.0.73 255.255.255.255 On-link 10.0.0.73 281
10.0.0.255 255.255.255.255 On-link 10.0.0.73 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.205.49 276
169.254.205.49 255.255.255.255 On-link 169.254.205.49 276
169.254.255.255 255.255.255.255 On-link 169.254.205.49 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.205.49 276
224.0.0.0 240.0.0.0 On-link 10.0.0.73 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.205.49 276
255.255.255.255 255.255.255.255 On-link 10.0.0.73 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.0.0.3 1
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
C:\Users\user>
Something like this now that there are two NICs EXT & INT:
VPN Client -------- > ROUTER ------> WIN-2K8-DEV EXT ----------------- > WIN-2K8-DEV INT ----------------- > LAN Client
10.0.0.x 192.168.1.1 192.168.15.1
192.168.1.91 192.168.1.20
Regards
CountGeek
July 7th, 2011 11:12am
Hi CountGeek,
Thanks for update.
Yes, by using RRAS with two NICs for VPN service will make things simpler. According the information you just posted , it appears that there is no any entry for your
internal IP segment . I am not sure if this is a typo but seems quite explainable that why clients unable to reach any internal hosts. Meanwhile, you mentioned that the option “Use default gateway on remote network” was been checked ,
I’d like to suggest you to double check that on clients:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination
Netmask Gateway
Interface Metric
0.0.0.0 0.0.0.0
10.0.0.3 10.0.0.73
26
10.0.0.0 255.255.255.0
On-link 10.0.0.73
281
10.0.0.73 255.255.255.255 On-link
10.0.0.73 281
10.0.0.255 255.255.255.255 On-link
10.0.0.73 281
127.0.0.0 255.0.0.0
On-link 127.0.0.1
306
127.0.0.1 255.255.255.255 On-link
127.0.0.1 306
127.255.255.255 255.255.255.255
On-link 127.0.0.1
306
169.254.0.0 255.255.0.0
On-link 169.254.205.49
276
169.254.205.49 255.255.255.255
On-link 169.254.205.49 276
169.254.255.255 255.255.255.255
On-link 169.254.205.49
276
224.0.0.0 240.0.0.0
On-link 127.0.0.1
306
224.0.0.0 240.0.0.0
On-link 169.254.205.49
276
224.0.0.0 240.0.0.0
On-link 10.0.0.73
281
255.255.255.255 255.255.255.255
On-link 127.0.0.1
306
255.255.255.255 255.255.255.255
On-link 169.254.205.49
276
255.255.255.255 255.255.255.255
On-link 10.0.0.73
281
===========================================================================
Persistent Routes:
Network Address
Netmask Gateway Address Metric
0.0.0.0 0.0.0.0
10.0.0.3 1
===========================================================================
You may also set the VPN test environment with following the article below:
Remote Access Step-by-Step Guide: Deploying Remote Access with VPN Reconnect
http://technet.microsoft.com/en-us/library/dd637783(WS.10).aspx
Thanks.
Tiger Li
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
July 8th, 2011 5:52am