Can't ping remote network over VPN (so, no internal services)

[saxguy]

I have a strange issue that is hard to track down.

We have a VPN setup to a Windows 2000 server and Terminal Services
installed in remote admin mode. I can connect fine to the VPN and I
get the local IP address space for my VPN client 192.168.0.x

But I can't connect to Terminal Services and cannot even ping the
remote system's local subnet.

My own subnet from my client is in the address space 192.168.2.x so I
know it isn't trying to ping only my local LAN. And it's worked
before! So I can't figure out what's changed in Routing and Remote
Access. The user has Dial In permissions turned on and also under the
users Terminal server tab, that too is enabled.

Is there something in the ActionTec DSL router that's filtering ? I've
only forwarded ports for VPN services, and that, works. Or is it my
setup of RRAS?

What's preventing resolving remote LAN IP addresses?

thanks for helping me

saxguy

 

[Phillip Windell]

On the client machine, in the Dialup Connection's Settings, you must enable
the item that says "Use Gateway on remote network". Without that you can
only contact Hosts that reside in the same subnet as the VPN Server that
"answered" the call.

Once this is done it is the responsibility of the LAN's Layer3 Routing
Scheme to know what to do with it, it is not the responsibility of VPN to do
this.

 

[saxguy]

It is checked but I still can't ping the remote subnet (plus I never
had to change this before - it was always checked and worked before).

any other ideas?

 

[Phillip Windell]

Try other things besides Ping. Ping uses ICMP which can be blocked by all
types of firewalls (local, personal, and otherwise). Terminal Services
could be blocked as well. Is there ICF running on the target Box? Try
connecting to the TS Server from the VPN Server itself to see if it can even
route to the Server properly,...if it can't, then it sure can't route the
VPN client to there.