XP unable to ping.

[WBM]

I have a Netgear FVS318 router connecting to a Sonicwall Pro. The
sonicwall side is a network with a W2K server. The Netgear side is a
lan with 3 workstations. The netgear shows the tunnel is created and
working. The Netgear router can also ping the server IP address
through the tunnel. Two of the workstations on the Netgear side are
W2K pro systems. They can ping the server and map drives to the IP
address. One workstation is an XP home system. It cannot ping the
server or map anything.

The IP address for the XP system issued by the router is correct for
the subnet.
The default gateway is correct - the router address.
The XP workstation can ping the Netgear router OK but nothing beyond
over the tunnel.
The XP system has Internet access as well through the router.
The firewall on the XP box is turned off.
File sharing is turned on for the Ethernet connector connecting to the
Netgear router.

What is different about the XP home OS that prevents it from using the
IPSec tunnel??? Anything I missed?

 

[Lanwench [MVP - Exchange]]

From one of the W2k workstations on the Netgear side, can you ping the XP
home computer by IP address?

 

[WBM]

Yes.

From one of the W2k workstations on the Netgear side, can you ping the XP
home computer by IP address?

 

[Lanwench [MVP - Exchange]]

Hmmm - and I presume you can ping the XP computer's IP from within the
NetGear interface as well? Have you checked the NetGear to make sure that IP
address is not being excluded (this is a WAG)? If you temporarily disable
the VPN tunnel, can the computer at least get to the Internet (ping your DNS
server's IP)

Yes.

Lanwench [MVP - Exchange]"

From one of the W2k workstations on the Netgear side, can you ping
the XP home computer by IP address?

 

[WBM]

I have no excluded addresses in the class. The weird part is the
system can ping the Internet DNS server any time. The Internet
connection works just fine with tunnel active or not. It just refuses
to route packets to the router for another private LAN. The server lan
is a class A and the Netgear side is a class C. By viewing traffic
received by the router, it seems that any reference to the class A lan
never makes it to the router.

This strongly points to the gateway as the problem but IPCONFIG says
the gateway is fine and the Internet pages have no problem.

I have set up at least two dozen of these routers and have never had a
problem with the VPN connection, but this is the first XP workstation
I have used as a client. I thought this was some new XP bug/feature I
was not privy to. Short of formating the sucker and reloading 2K I'm
stumped.

Hmmm - and I presume you can ping the XP computer's IP from within the
NetGear interface as well? Have you checked the NetGear to make sure that IP
address is not being excluded (this is a WAG)? If you temporarily disable
the VPN tunnel, can the computer at least get to the Internet (ping your DNS
server's IP)

Yes.

Lanwench [MVP - Exchange]"

From one of the W2k workstations on the Netgear side, can you ping
the XP home computer by IP address?

WBM wrote:
I have a Netgear FVS318 router connecting to a Sonicwall Pro. The
sonicwall side is a network with a W2K server. The Netgear side is a
lan with 3 workstations. The netgear shows the tunnel is created and
working. The Netgear router can also ping the server IP address
through the tunnel. Two of the workstations on the Netgear side are
W2K pro systems. They can ping the server and map drives to the IP
address. One workstation is an XP home system. It cannot ping the
server or map anything.

The IP address for the XP system issued by the router is correct for
the subnet.
The default gateway is correct - the router address.
The XP workstation can ping the Netgear router OK but nothing beyond
over the tunnel.
The XP system has Internet access as well through the router.
The firewall on the XP box is turned off.
File sharing is turned on for the Ethernet connector connecting to
the Netgear router.

What is different about the XP home OS that prevents it from using
the IPSec tunnel??? Anything I missed?

 

[Mohamed Abdulla]

Allow me here to suggest a "route print" command at the XP Workstation. Here
you are looking for wrong static entries that may mislead the traffic to the
remote Private LAN. If you find an entry that may do so, just delete it. Or
alternatively you may add a static route entry at the XP workstation (with
"route add" command) then trying to access the W2K server. Instead of "PING"
try using the "tracert" command that may give you more useful information on
the path your traffic is taking.

I have no excluded addresses in the class. The weird part is the
system can ping the Internet DNS server any time. The Internet
connection works just fine with tunnel active or not. It just refuses
to route packets to the router for another private LAN. The server lan
is a class A and the Netgear side is a class C. By viewing traffic
received by the router, it seems that any reference to the class A lan
never makes it to the router.

This strongly points to the gateway as the problem but IPCONFIG says
the gateway is fine and the Internet pages have no problem.

I have set up at least two dozen of these routers and have never had a
problem with the VPN connection, but this is the first XP workstation
I have used as a client. I thought this was some new XP bug/feature I
was not privy to. Short of formating the sucker and reloading 2K I'm
stumped.




"Lanwench [MVP - Exchange]"

Hmmm - and I presume you can ping the XP computer's IP from within the
NetGear interface as well? Have you checked the NetGear to make sure that IP
address is not being excluded (this is a WAG)? If you temporarily disable
the VPN tunnel, can the computer at least get to the Internet (ping your DNS
server's IP)

Yes.

Lanwench [MVP - Exchange]"
message From one of the W2k workstations on the Netgear side, can you ping
the XP home computer by IP address?

WBM wrote:
I have a Netgear FVS318 router connecting to a Sonicwall Pro. The
sonicwall side is a network with a W2K server. The Netgear side is a
lan with 3 workstations. The netgear shows the tunnel is created and
working. The Netgear router can also ping the server IP address
through the tunnel. Two of the workstations on the Netgear side are
W2K pro systems. They can ping the server and map drives to the IP
address. One workstation is an XP home system. It cannot ping the
server or map anything.

The IP address for the XP system issued by the router is correct for
the subnet.
The default gateway is correct - the router address.
The XP workstation can ping the Netgear router OK but nothing beyond
over the tunnel.
The XP system has Internet access as well through the router.
The firewall on the XP box is turned off.
File sharing is turned on for the Ethernet connector connecting to
the Netgear router.

What is different about the XP home OS that prevents it from using
the IPSec tunnel??? Anything I missed?

 

[WBM]

Thanks Mohamed and Lanwench for all of the suggestions. It was a great
help to bounce the problem off of someone else in my field.

Final status:

I ran tracert and it never pinged the first address, not even the
router.
I did a route print and saw nothing out of the ordinary. Just for good
measure, I entered a route for all of the server networks addresses
(10.0.0.0) to go to the router address. I gave it a metric of 1. This
should have overridden the gateway and any other route. No difference.
As a control, I setup a second workstation, this time with XP
proffesional. It works perfectly. I said AhHa! Its the Home edition. I
formatted the Home edition and reloaded with Home again. Now it
works.!!?? A bad OS load the first time? The XP was a new system and
was untested with any network but I still don't know what was the
problem.

Thanks again to everyone.

Allow me here to suggest a "route print" command at the XP Workstation. Here
you are looking for wrong static entries that may mislead the traffic to the
remote Private LAN. If you find an entry that may do so, just delete it. Or
alternatively you may add a static route entry at the XP workstation (with
"route add" command) then trying to access the W2K server. Instead of "PING"
try using the "tracert" command that may give you more useful information on
the path your traffic is taking.

I have no excluded addresses in the class. The weird part is the
system can ping the Internet DNS server any time. The Internet
connection works just fine with tunnel active or not. It just refuses
to route packets to the router for another private LAN. The server lan
is a class A and the Netgear side is a class C. By viewing traffic
received by the router, it seems that any reference to the class A lan
never makes it to the router.

This strongly points to the gateway as the problem but IPCONFIG says
the gateway is fine and the Internet pages have no problem.

I have set up at least two dozen of these routers and have never had a
problem with the VPN connection, but this is the first XP workstation
I have used as a client. I thought this was some new XP bug/feature I
was not privy to. Short of formating the sucker and reloading 2K I'm
stumped.




"Lanwench [MVP - Exchange]"

Hmmm - and I presume you can ping the XP computer's IP from within the
NetGear interface as well? Have you checked the NetGear to make sure that IP
address is not being excluded (this is a WAG)? If you temporarily disable
the VPN tunnel, can the computer at least get to the Internet (ping your DNS
server's IP)

WBM wrote:
Yes.

Lanwench [MVP - Exchange]"
message From one of the W2k workstations on the Netgear side, can you ping
the XP home computer by IP address?

WBM wrote:
I have a Netgear FVS318 router connecting to a Sonicwall Pro. The
sonicwall side is a network with a W2K server. The Netgear side is a
lan with 3 workstations. The netgear shows the tunnel is created and
working. The Netgear router can also ping the server IP address
through the tunnel. Two of the workstations on the Netgear side are
W2K pro systems. They can ping the server and map drives to the IP
address. One workstation is an XP home system. It cannot ping the
server or map anything.

The IP address for the XP system issued by the router is correct for
the subnet.
The default gateway is correct - the router address.
The XP workstation can ping the Netgear router OK but nothing beyond
over the tunnel.
The XP system has Internet access as well through the router.
The firewall on the XP box is turned off.
File sharing is turned on for the Ethernet connector connecting to
the Netgear router.

What is different about the XP home OS that prevents it from using
the IPSec tunnel??? Anything I missed?

 

[Lanwench [MVP - Exchange]]

Chalk it up to one of those "mysteries of the cosmos" things....glad it's
working now.

Thanks Mohamed and Lanwench for all of the suggestions. It was a great
help to bounce the problem off of someone else in my field.

Final status:

I ran tracert and it never pinged the first address, not even the
router.
I did a route print and saw nothing out of the ordinary. Just for good
measure, I entered a route for all of the server networks addresses
(10.0.0.0) to go to the router address. I gave it a metric of 1. This
should have overridden the gateway and any other route. No difference.
As a control, I setup a second workstation, this time with XP
proffesional. It works perfectly. I said AhHa! Its the Home edition. I
formatted the Home edition and reloaded with Home again. Now it
works.!!?? A bad OS load the first time? The XP was a new system and
was untested with any network but I still don't know what was the
problem.

Thanks again to everyone.

Allow me here to suggest a "route print" command at the XP
Workstation. Here you are looking for wrong static entries that may
mislead the traffic to the remote Private LAN. If you find an entry
that may do so, just delete it. Or alternatively you may add a
static route entry at the XP workstation (with "route add" command)
then trying to access the W2K server. Instead of "PING" try using
the "tracert" command that may give you more useful information on
the path your traffic is taking.

I have no excluded addresses in the class. The weird part is the
system can ping the Internet DNS server any time. The Internet
connection works just fine with tunnel active or not. It just
refuses to route packets to the router for another private LAN. The
server lan is a class A and the Netgear side is a class C. By
viewing traffic received by the router, it seems that any reference
to the class A lan never makes it to the router.

This strongly points to the gateway as the problem but IPCONFIG says
the gateway is fine and the Internet pages have no problem.

I have set up at least two dozen of these routers and have never
had a problem with the VPN connection, but this is the first XP
workstation I have used as a client. I thought this was some new XP
bug/feature I was not privy to. Short of formating the sucker and
reloading 2K I'm stumped.




"Lanwench [MVP - Exchange]"

Hmmm - and I presume you can ping the XP computer's IP from
within the NetGear interface as well? Have you checked the NetGear
to make sure that IP
address is not being excluded (this is a WAG)? If you temporarily disable
the VPN tunnel, can the computer at least get to the Internet
(ping your DNS
server's IP)

WBM wrote:
Yes.

Lanwench [MVP - Exchange]"
in message From one of the W2k workstations on the Netgear side, can you
ping the XP home computer by IP address?

WBM wrote:
I have a Netgear FVS318 router connecting to a Sonicwall Pro.
The sonicwall side is a network with a W2K server. The Netgear
side is a lan with 3 workstations. The netgear shows the tunnel
is created and working. The Netgear router can also ping the
server IP address through the tunnel. Two of the workstations
on the Netgear side are W2K pro systems. They can ping the
server and map drives to the IP address. One workstation is an
XP home system. It cannot ping the server or map anything.

The IP address for the XP system issued by the router is
correct for the subnet.
The default gateway is correct - the router address.
The XP workstation can ping the Netgear router OK but nothing
beyond over the tunnel.
The XP system has Internet access as well through the router.
The firewall on the XP box is turned off.
File sharing is turned on for the Ethernet connector connecting
to the Netgear router.

What is different about the XP home OS that prevents it from
using the IPSec tunnel??? Anything I missed?