Unable to ping internal LAN after VPN
OS: Windows Server 2008 R2 SP1 Role: RRAS NIC: 1 Domain: No (Standalone) Hello I have searched around here for other users who have had similar issues as I am experiencing now, but I was unable to gather the actual resolutions to the problems and apply them to mine. So here I go. I can successfully establish VPN connections but once the connection is established I am unable to ping anything in the internal LAN, that includes the gateway and the VPN server both by DNS or by IP. I have noticed that once a VPN connection is established in ipconfig there is no gateway retrieved, but there is a correct IP address set on the same subnet as the router and other clients. On the client which is connecting to the VPN server I have set the "Use default gateway on remote network" option and still no luck. The VPN server lies behind a home router (ASUS WL600g) with all of the VPN ports (1723, 500, 1701) and presumably the other protocols such as GRE pointing to it. The firewall is disabled on the VPN server and I am able to ping the gateway and other clients on the network from it. As there is only one NIC do I have to configure NAT on the VPN server? Do I have (or is it recommended) to have the VPN IP range on a different subnet? Do I have to manually route the traffic between the two IP subnets on the router? Regards CountGeek
July 6th, 2011 9:48am

Hi CountGeek, Thanks for posting here. So can client ping RRAS’s interface after VPN tunnel was been property established ? Could you post the “ipconfig /all” and “route print” result from both RRAS server and client here first ? Meanwhile, you can also start troubleshooting form the articles below : Cannot reach beyond the RRAS server from VPN clients? http://blogs.technet.com/b/rrasblog/archive/2006/02/09/cannot-reach-beyond-the-rras-server-from-vpn-clients.aspx VPN clients are unable to access resources beyond the VPN server. http://technet.microsoft.com/en-us/library/cc772616(WS.10).aspx#BKMK_5 Thanks. Tiger Li Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
July 7th, 2011 3:00am

Hello Tiger Li Thank you for the reply. To add to further confusion I have added another NIC to the server in hopefully making it easier to configure. What do you think? I am pretty sure that the problem here is the routing between the two networks, and I am unsure where and how to really configure it. I somehow understand the principle, but... anyway here is some of the information which you have requested: SERVER C:\Users\Administrator>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : WIN-2K8-DEV Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : Yes WINS Proxy Enabled. . . . . . . . : No PPP adapter RAS (Dial In) Interface: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : RAS (Dial In) Interface Physical Address. . . . . . . . . : DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 192.168.15.10(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.255 Default Gateway . . . . . . . . . : NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter External: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection # 2 Physical Address. . . . . . . . . : 00-0C-29-9B-62-5F DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 192.168.15.1(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Internal: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection Physical Address. . . . . . . . . : 00-0C-29-9B-62-55 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 192.168.1.91(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1 DNS Servers . . . . . . . . . . . : 192.168.1.1 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter isatap.{0D57B9C8-0CFC-4D1A-B522-AF38F4655BDC}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 9: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:3009:256c:3f57:fea4(Pref erred) Link-local IPv6 Address . . . . . : fe80::3009:256c:3f57:fea4%13(Preferred) Default Gateway . . . . . . . . . : :: NetBIOS over Tcpip. . . . . . . . : Disabled Tunnel adapter isatap.{E9A87389-062B-4D38-BCA5-C2E8807752C5}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{6E06F030-7526-11D2-BAF4-00600815A4BD}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes C:\Users\Administrator> C:\Users\Administrator>route print =========================================================================== Interface List 24...........................RAS (Dial In) Interface 21...00 0c 29 9b 62 5f ......Intel(R) PRO/1000 MT Network Connection #2 11...00 0c 29 9b 62 55 ......Intel(R) PRO/1000 MT Network Connection 1...........................Software Loopback Interface 1 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.91 266 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.1.0 255.255.255.0 On-link 192.168.1.91 266 192.168.1.91 255.255.255.255 On-link 192.168.1.91 266 192.168.1.255 255.255.255.255 On-link 192.168.1.91 266 192.168.15.0 255.255.255.0 On-link 192.168.15.1 266 192.168.15.1 255.255.255.255 On-link 192.168.15.1 266 192.168.15.10 255.255.255.255 On-link 192.168.15.10 306 192.168.15.255 255.255.255.255 On-link 192.168.15.1 266 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.1.91 266 224.0.0.0 240.0.0.0 On-link 192.168.15.1 266 224.0.0.0 240.0.0.0 On-link 192.168.15.10 306 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.1.91 266 255.255.255.255 255.255.255.255 On-link 192.168.15.1 266 255.255.255.255 255.255.255.255 On-link 192.168.15.10 306 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 192.168.1.1 Default =========================================================================== IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 13 58 ::/0 On-link 1 306 ::1/128 On-link 13 58 2001::/32 On-link 13 306 2001:0:5ef5:79fd:3009:256c:3f57:fea4/128 On-link 13 306 fe80::/64 On-link 13 306 fe80::3009:256c:3f57:fea4/128 On-link 1 306 ff00::/8 On-link 13 306 ff00::/8 On-link =========================================================================== Persistent Routes: None C:\Users\Administrator> CLIENT C:\Users\user>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : client1 Primary Dns Suffix . . . . . . . : demo.local Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : demo.local PPP adapter NKT: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : NKT Physical Address. . . . . . . . . : DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 192.168.15.15(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.255 Default Gateway . . . . . . . . . : 0.0.0.0 DNS Servers . . . . . . . . . . . : 192.168.1.1 NetBIOS over Tcpip. . . . . . . . : Enabled Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN Physical Address. . . . . . . . . : 00-21-5D-42-24-20 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 10.0.0.73(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.0.0.3 DNS Servers . . . . . . . . . . . : 10.0.0.1 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter VirtualBox Host-Only Network: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter Physical Address. . . . . . . . . : 08-00-27-00-E4-65 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Autoconfiguration IPv4 Address. . : 169.254.205.49(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter isatap.{F548E8FF-2F23-4A96-A428-337A49F9A1B8}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Teredo Tunneling Pseudo-Interface: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter 6TO4 Adapter: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft 6to4 Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{BF0894E8-F3DB-4ADF-B84A-EC898D0FC144}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{C5557665-EA55-4CAB-9CEB-BB3528358696}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.10.0.0.1: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes C:\Users\user> C:\Users\user>route print =========================================================================== Interface List 15...00 21 5d 42 24 20 ......Intel(R) WiFi Link 5100 AGN 28...08 00 27 00 e4 65 ......VirtualBox Host-Only Ethernet Adapter 1...........................Software Loopback Interface 1 30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface 21...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter 22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.0.0.3 10.0.0.73 26 10.0.0.0 255.255.255.0 On-link 10.0.0.73 281 10.0.0.73 255.255.255.255 On-link 10.0.0.73 281 10.0.0.255 255.255.255.255 On-link 10.0.0.73 281 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 169.254.0.0 255.255.0.0 On-link 169.254.205.49 276 169.254.205.49 255.255.255.255 On-link 169.254.205.49 276 169.254.255.255 255.255.255.255 On-link 169.254.205.49 276 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 169.254.205.49 276 224.0.0.0 240.0.0.0 On-link 10.0.0.73 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 169.254.205.49 276 255.255.255.255 255.255.255.255 On-link 10.0.0.73 281 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 10.0.0.3 1 =========================================================================== IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 1 306 ::1/128 On-link 1 306 ff00::/8 On-link =========================================================================== Persistent Routes: None C:\Users\user> Something like this now that there are two NICs EXT & INT: VPN Client -------- > ROUTER ------> WIN-2K8-DEV EXT ----------------- > WIN-2K8-DEV INT ----------------- > LAN Client 10.0.0.x 192.168.1.1 192.168.15.1 192.168.1.91 192.168.1.20 Regards CountGeek
July 7th, 2011 11:12am

Hi CountGeek, Thanks for update. Yes, by using RRAS with two NICs for VPN service will make things simpler. According the information you just posted , it appears that there is no any entry for your internal IP segment . I am not sure if this is a typo but seems quite explainable that why clients unable to reach any internal hosts. Meanwhile, you mentioned that the option “Use default gateway on remote network” was been checked , I’d like to suggest you to double check that on clients: IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.0.0.3 10.0.0.73 26 10.0.0.0 255.255.255.0 On-link 10.0.0.73 281 10.0.0.73 255.255.255.255 On-link 10.0.0.73 281 10.0.0.255 255.255.255.255 On-link 10.0.0.73 281 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 169.254.0.0 255.255.0.0 On-link 169.254.205.49 276 169.254.205.49 255.255.255.255 On-link 169.254.205.49 276 169.254.255.255 255.255.255.255 On-link 169.254.205.49 276 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 169.254.205.49 276 224.0.0.0 240.0.0.0 On-link 10.0.0.73 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 169.254.205.49 276 255.255.255.255 255.255.255.255 On-link 10.0.0.73 281 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 10.0.0.3 1 =========================================================================== You may also set the VPN test environment with following the article below: Remote Access Step-by-Step Guide: Deploying Remote Access with VPN Reconnect http://technet.microsoft.com/en-us/library/dd637783(WS.10).aspx Thanks. Tiger Li Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
July 8th, 2011 5:52am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics