XP-Pro VPN client cannot reach XP-Pro VPN server machine, but any other machine in the VPN servers n

  • Thread starter Markus Gömmel

Markus Gömmel

Hi,

I searched as well as I could in this newsgroup, but didn't find any solution
which fits my problem so far, so a small hint would be great!!!

I've two networks in two offices, one with 192.168.1.x (vpn client side) and
one with 192.168.2.x (vpn server side)...

VPN server PC - IP 192.168.2.101, VPN server IP range static from
192.168.2.200 to 192.168.2.209, access to local network allowed, connected
to internet through a router and dyndns

VPN client PC - IP 192.168.1.150, also connected to the internet via router

Firewall is open, connecting from the VPN client to the server works (using
the IP the router is telling the dyndns service and routing 1723 and UDP 500
to the 192.168.1.101 machine), and now the funny thing:

I can ping and connect from the VPN client to every machine in the VPN
server network (192.168.2.x) EXCEPT the machine where the VPN server itself
is running (192.168.2.101)... but this is our server where different
services are installed I'd like to connect to.

Why can I ping machines with 192.168.2.100, 192.168.2.102 etc, but not the
192.168.2.101 machine itself? Am I missing the point somewhere?

THANKS FOR ANY HELP

Markus
(e-mail address removed)
 

Sooner Al [MVP]

Markus Gömmel said:
> Hi,
>
> I searched as well as I could in this newsgroup, but didn't find any
> solution which fits my problem so far, so a small hint would be
> great!!!
>
> I've two networks in two offices, one with 192.168.1.x (vpn client side)
> and one with 192.168.2.x (vpn server side)...
>
> VPN server PC - IP 192.168.2.101, VPN server IP range static from
> 192.168.2.200 to 192.168.2.209, access to local network allowed, connected
> to internet through a router and dyndns
>
> VPN client PC - IP 192.168.1.150, also connected to the internet via
> router
>
> Firewall is open, connecting from the VPN client to the server works
> (using the IP the router is telling the dyndns service and routing 1723
> and UDP 500 to the 192.168.1.101 machine), and now the funny thing:
>
> I can ping and connect from the VPN client to every machine in the VPN
> server network (192.168.2.x) EXCEPT the machine where the VPN server
> itself is running (192.168.2.101)... but this is our server where
> different services are installed I'd like to connect to.
>
> Why can I ping machines with 192.168.2.100, 192.168.2.102 etc, but not the
> 192.168.2.101 machine itself? Am I missing the point somewhere?
>
> THANKS FOR ANY HELP
>
> Markus
> (e-mail address removed)

Are you running a firewall on the VPN server box that may be blocking pings?
Beyond the fact you can't ping the VPN server but you can fully access the
network behind the server what are you worried about?

Also, for PPTP VPN you don't need any other port open other than TCP Port
1723 and GRE Protocol 47 traffic must be enabled through the firewall. Close
UDP Port 500...

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
 
Markus Gömmel

Hi,

first of all, thanks for your quick reply :)

> Are you running a firewall on the VPN server box that may be blocking
> pings? Beyond the fact you can't ping the VPN server but you can fully
> access the network behind the server what are you worried about?

I'm only running the Windows XP internal firewall, which will be opened when
activating the VPN server service, right?
Not only that I cannot ping this machine, I cannot access it. Nothing of it.
I cannot reach any port, I already tried to telnet some ports I know that an
application is behind that, but I'm getting no answer. So it looks to me
that routing to any other machine in the network works, but not to the
machine where this VPN server service is running. Any way I can check this?
Calling 'tracert' will show me the correct route for the other machines, but
calling it to the VPN server machine will fail:

W:\>tracert 192.168.2.110
Tracing route to 192.168.2.110 over a maximum of 30 hops

1 * * * Request timed out. // I think this is the router which cannot be pinged, right?
2 47 ms 35 ms 35 ms 192.168.2.110

Trace complete.

W:\>tracert 192.168.2.101
Tracing route to 192.168.2.101 over a maximum of 30 hops

1 * * * Request timed out. // what's going on here?
2 * * * Request timed out.
3 * * * Request timed out.
....

> Also, for PPTP VPN you don't need any other port open other than TCP Port
> 1723 and GRE Protocol 47 traffic must be enabled through the firewall.
> Close UDP Port 500...

Thanks for this info. I read that from some internet forums. So I will close
UDP 500 immediately.

I'm not a routing guru, so any hints are highly appreciated.

Kindest regards

Markus
 
Markus Gömmel

Hi all,

> I'm only running the Windows XP internal firewall, which will be opened
> when activating the VPN server service, right?

I tested a bit further and found that when I totally
disable the Windows firewall I can connect to the VPN server machine too. Not
only ping it (that too), but also access all the IP services on the
machine...

Now I've tried to enable some of the ICMP settings (including allowing pings
through the firewall), but nothing happens. So for me it looks like the
VPN adapter is not able to come through the local LAN adapter, no way.

Any possibility to change this? I'm using static IP addresses for the VPN
server service, so I know which IP addresses the VPN server and client will
get (192.168.2.200 to x.x.2.209), but I do not find any way to tell the
Windows firewall that the local LAN adapter should accept all stuff coming
from the VPN server adapter (which means from 192.168.2.200)

Any idea, or am I on the wrong path?

Thanks a lot!

Markus
 

Sooner Al [MVP]

Markus Gömmel said:
> Hi all,
>
> I tested a bit further and found that when I totally
> disable the Windows firewall I can connect to the VPN server machine too. Not
> only ping it (that too), but also access all the IP services on the
> machine...
>
> Now I've tried to enable some of the ICMP settings (including allowing
> pings through the firewall), but nothing happens. So for me it looks like
> the VPN adapter is not able to come through the local LAN adapter, no
> way.
>
> Any possibility to change this? I'm using static IP addresses for the VPN
> server service, so I know which IP addresses the VPN server and client
> will get (192.168.2.200 to x.x.2.209), but I do not find any way to tell
> the Windows firewall that the local LAN adapter should accept all stuff
> coming from the VPN server adapter (which means from 192.168.2.200)
>
> Any idea, or am I on the wrong path?
>
> Thanks a lot!
>
> Markus

See this for help configuring a custom scope in the firewall...

http://www.dslreports.com/forum/remark,17272952

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
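
The custom-scope approach suggested above, as an added example that is not part of the thread or of the linked post: instead of disabling the firewall, each service on the server gets an exception limited to the static VPN pool 192.168.2.200 to 192.168.2.209. The service name and port are hypothetical placeholders, and the script assumes the XP SP2 `netsh firewall set portopening` syntax with a scope list of addresses and subnets rather than ranges, so it collapses the pool into CIDR blocks first.

```python
import ipaddress

# Constructed inputs: the pool is the static VPN range quoted in the thread;
# the service name and port are hypothetical placeholders.
POOL_FIRST, POOL_LAST = "192.168.2.200", "192.168.2.209"
SERVICES = [("Example service", "TCP", 8080)]

def pool_to_scope(first, last):
    """Collapse an inclusive address range into the fewest CIDR blocks."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(n) for n in nets]

def in_scope(addr, scope):
    """True if addr falls inside any block of the custom scope."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(block) for block in scope)

def scoped_rules(first, last, services):
    """Build one per-port exception limited to the VPN pool.
    Assumes the XP SP2 'netsh firewall set portopening' syntax."""
    scope = ",".join(pool_to_scope(first, last))
    return [
        f'netsh firewall set portopening protocol={proto} port={port} '
        f'name="{name}" mode=ENABLE scope=CUSTOM addresses={scope}'
        for name, proto, port in services
    ]

if __name__ == "__main__":
    for cmd in scoped_rules(POOL_FIRST, POOL_LAST, SERVICES):
        print(cmd)
```

Addresses outside the pool, such as the client's own LAN address 192.168.1.150 or other hosts on 192.168.2.x, stay outside the exception, which keeps the server's firewall closed to everything except connected VPN clients.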
 
