Cannot ping VPN clients

07-24-2006, 06:48 PM

Hello,
I'm having a hard time with our Microsoft VPN clients. We have used RRAS
for about 2 years now. At first it was using dhcp from our internal dhcp
server. We have grown as a company and we ran out of address's. Our
internal network is 190.100.100.x. To fix this issue, we configured the RRAS
server to use a pool of addresses and used, 190.100.0.x. Everything is fine
EXCEPT, we can no longer ping our vpn clients when they connect. I CAN ping
them from the RRAS server. So if we want to remotely administer our users,
we have to log onto the RRAS server, then remote into their machines. VPN
connected users have no problems accessing or browsing the internal network.
Any help is appreciated.

Below are route prints.
Our internal network is 190.100.100.x / 255.255.255.0 and the vpn clients
are on 190.100.0.x. The RRAS server is 190.100.100.3. There is one NIC in
the RRAS server.

RRAS SERVER ROUTE PRINT
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.ORTHOVITA>route print

IPv4 Route Table
================================================== =========================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x10003 ...00 50 8b d3 a1 fd ...... Compaq NC3163 Fast Ethernet NIC #2
================================================== =========================
================================================== =========================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 190.100.100.1 190.100.100.3 1
24.46.123.20 255.255.255.255 190.100.100.1 190.100.100.3 1
65.83.198.84 255.255.255.255 190.100.100.1 190.100.100.3 1
67.164.131.234 255.255.255.255 190.100.100.1 190.100.100.3 1
67.173.183.80 255.255.255.255 190.100.100.1 190.100.100.3 1
68.66.133.134 255.255.255.255 190.100.100.1 190.100.100.3 1
68.71.111.234 255.255.255.255 190.100.100.1 190.100.100.3 1
68.76.122.206 255.255.255.255 190.100.100.1 190.100.100.3 1
68.124.183.246 255.255.255.255 190.100.100.1 190.100.100.3 1
68.219.117.87 255.255.255.255 190.100.100.1 190.100.100.3 1
69.109.53.216 255.255.255.255 190.100.100.1 190.100.100.3 1
69.114.0.53 255.255.255.255 190.100.100.1 190.100.100.3 1
70.194.157.216 255.255.255.255 190.100.100.1 190.100.100.3 1
71.111.83.18 255.255.255.255 190.100.100.1 190.100.100.3 1
71.225.61.1 255.255.255.255 190.100.100.1 190.100.100.3 1
86.128.46.44 255.255.255.255 190.100.100.1 190.100.100.3 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
190.100.0.1 255.255.255.255 127.0.0.1 127.0.0.1 50
190.100.0.2 255.255.255.255 190.100.0.1 190.100.0.1 1
190.100.0.5 255.255.255.255 190.100.0.1 190.100.0.1 1
190.100.0.11 255.255.255.255 190.100.0.1 190.100.0.1 1
190.100.0.13 255.255.255.255 190.100.0.1 190.100.0.1 1
190.100.0.14 255.255.255.255 190.100.0.1 190.100.0.1 1
190.100.0.16 255.255.255.255 190.100.0.1 190.100.0.1 1
190.100.0.18 255.255.255.255 190.100.0.1 190.100.0.1 1
190.100.0.20 255.255.255.255 190.100.0.1 190.100.0.1 1
190.100.0.25 255.255.255.255 190.100.0.1 190.100.0.1 1
190.100.0.27 255.255.255.255 190.100.0.1 190.100.0.1 1
190.100.0.28 255.255.255.255 190.100.0.1 190.100.0.1 1
190.100.0.30 255.255.255.255 190.100.0.1 190.100.0.1 1
190.100.0.33 255.255.255.255 190.100.0.1 190.100.0.1 1
190.100.0.38 255.255.255.255 190.100.0.1 190.100.0.1 1
190.100.0.40 255.255.255.255 190.100.0.1 190.100.0.1 1
190.100.100.0 255.255.255.0 190.100.100.3 190.100.100.3 1
190.100.100.3 255.255.255.255 127.0.0.1 127.0.0.1 1
190.100.255.255 255.255.255.255 190.100.100.3 190.100.100.3 1
224.0.0.0 240.0.0.0 190.100.100.3 190.100.100.3 1
255.255.255.255 255.255.255.255 190.100.100.3 190.100.100.3 1
Default Gateway: 190.100.100.1
================================================== =========================
Persistent Routes:
None

MY COMPUTER WHILE AT WORK ROUTE PRINT
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

H:\>route print
================================================== =========================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 02 5e de 92 ...... Intel(R) PRO/Wireless 3945ABG Network
Connection - Packet Scheduler Miniport
0x10004 ...00 05 1b 3f ed 02 ...... ADM851X USB To Fast Ethernet Adapter -
Packet Scheduler Miniport
================================================== =========================
================================================== =========================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 190.100.100.1 190.100.100.199 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
190.100.100.0 255.255.255.0 190.100.100.199 190.100.100.199 20
190.100.100.199 255.255.255.255 127.0.0.1 127.0.0.1 20
190.100.255.255 255.255.255.255 190.100.100.199 190.100.100.199 20
224.0.0.0 240.0.0.0 190.100.100.199 190.100.100.199 20
255.255.255.255 255.255.255.255 190.100.100.199 2 1
255.255.255.255 255.255.255.255 190.100.100.199 190.100.100.199 1
Default Gateway: 190.100.100.1
================================================== =========================
Persistent Routes:
None

TRACERT FROM RRAS SERVER TO VPN CLIENT
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.ORTHOVITA>tracert 190.100.0.31

Tracing route to XPLAP362 [190.100.0.31]
over a maximum of 30 hops:

1 734 ms 958 ms 186 ms XPLAP362 [190.100.0.31]

Trace complete.

TRACERT FROM MY COMPUTER WHILE AT WORK TO VPN CLIENT
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

H:\>tracert 190.100.0.31

Tracing route to 190.100.0.31 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 190.100.100.42
2 1 ms 1 ms 2 ms ppp-207207-126.netreach.net [207.29.207.126]
3 8 ms 4 ms 4 ms 209.152.209.161
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.

07-25-2006, 12:42 AM

If you put your remote clients in their own subnet you need to follow
the basic IP routing rules to route between the remote subnet and the LAN
subnet.

So the first essential is that IP routing is enabled on the RRAS server.
The second is that the RRAS server needs to be the default gateway for both
subnets for routing to just work.

In your network, the default gateway for the LAN is 190.100.100.1 .
Traffic for the remote machiness will be going there instead of to the RRAS
server.

To get the traffic for the remote to the RRAS server you can add a
static route to the gateway router to bounce the VPN traffic to the RRAS
router. eg

190.100.0.0 255.255.255.0 190.100.100.3

If you can't add this route to the gateway router you will need to add
it to every machine on the LAN which the remote clients need to contact.
Somehow you have to get the traffic to the RRAS router to be encrypted and
encapsulated before ot reaches the gateway.

Haddock wrote:
> Hello,
> I'm having a hard time with our Microsoft VPN clients. We have used
> RRAS for about 2 years now. At first it was using dhcp from our
> internal dhcp server. We have grown as a company and we ran out of
> address's. Our internal network is 190.100.100.x. To fix this
> issue, we configured the RRAS server to use a pool of addresses and
> used, 190.100.0.x. Everything is fine EXCEPT, we can no longer ping
> our vpn clients when they connect. I CAN ping them from the RRAS
> server. So if we want to remotely administer our users, we have to
> log onto the RRAS server, then remote into their machines. VPN
> connected users have no problems accessing or browsing the internal
> network. Any help is appreciated.
>
> Below are route prints.
> Our internal network is 190.100.100.x / 255.255.255.0 and the vpn
> clients are on 190.100.0.x. The RRAS server is 190.100.100.3. There
> is one NIC in the RRAS server.
>
>
> RRAS SERVER ROUTE PRINT
> Microsoft Windows [Version 5.2.3790]
> (C) Copyright 1985-2003 Microsoft Corp.
>
> C:\Documents and Settings\Administrator.ORTHOVITA>route print
>
> IPv4 Route Table
> ================================================== =========================
> Interface List
> 0x1 ........................... MS TCP Loopback interface
> 0x10002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
> 0x10003 ...00 50 8b d3 a1 fd ...... Compaq NC3163 Fast Ethernet NIC #2
> ================================================== =========================
> ================================================== =========================
> Active Routes:
> Network Destination Netmask Gateway Interface
> Metric
> 0.0.0.0 0.0.0.0 190.100.100.1 190.100.100.3
> 1
> 24.46.123.20 255.255.255.255 190.100.100.1 190.100.100.3
> 1
> 65.83.198.84 255.255.255.255 190.100.100.1 190.100.100.3
> 1
> 67.164.131.234 255.255.255.255 190.100.100.1 190.100.100.3
> 1
> 67.173.183.80 255.255.255.255 190.100.100.1 190.100.100.3
> 1
> 68.66.133.134 255.255.255.255 190.100.100.1 190.100.100.3
> 1
> 68.71.111.234 255.255.255.255 190.100.100.1 190.100.100.3
> 1
> 68.76.122.206 255.255.255.255 190.100.100.1 190.100.100.3
> 1
> 68.124.183.246 255.255.255.255 190.100.100.1 190.100.100.3
> 1
> 68.219.117.87 255.255.255.255 190.100.100.1 190.100.100.3
> 1
> 69.109.53.216 255.255.255.255 190.100.100.1 190.100.100.3
> 1
> 69.114.0.53 255.255.255.255 190.100.100.1 190.100.100.3
> 1
> 70.194.157.216 255.255.255.255 190.100.100.1 190.100.100.3
> 1
> 71.111.83.18 255.255.255.255 190.100.100.1 190.100.100.3
> 1
> 71.225.61.1 255.255.255.255 190.100.100.1 190.100.100.3
> 1
> 86.128.46.44 255.255.255.255 190.100.100.1 190.100.100.3
> 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
> 1 190.100.0.1 255.255.255.255 127.0.0.1 127.0.0.1
> 50 190.100.0.2 255.255.255.255 190.100.0.1
> 190.100.0.1 1 190.100.0.5 255.255.255.255 190.100.0.1
> 190.100.0.1 1 190.100.0.11 255.255.255.255 190.100.0.1
> 190.100.0.1 1 190.100.0.13 255.255.255.255 190.100.0.1
> 190.100.0.1 1 190.100.0.14 255.255.255.255 190.100.0.1
> 190.100.0.1 1 190.100.0.16 255.255.255.255 190.100.0.1
> 190.100.0.1 1 190.100.0.18 255.255.255.255 190.100.0.1
> 190.100.0.1 1 190.100.0.20 255.255.255.255 190.100.0.1
> 190.100.0.1 1 190.100.0.25 255.255.255.255 190.100.0.1
> 190.100.0.1 1 190.100.0.27 255.255.255.255 190.100.0.1
> 190.100.0.1 1 190.100.0.28 255.255.255.255 190.100.0.1
> 190.100.0.1 1 190.100.0.30 255.255.255.255 190.100.0.1
> 190.100.0.1 1 190.100.0.33 255.255.255.255 190.100.0.1
> 190.100.0.1 1 190.100.0.38 255.255.255.255 190.100.0.1
> 190.100.0.1 1 190.100.0.40 255.255.255.255 190.100.0.1
> 190.100.0.1 1 190.100.100.0 255.255.255.0 190.100.100.3
> 190.100.100.3 1 190.100.100.3 255.255.255.255
> 127.0.0.1 127.0.0.1 1 190.100.255.255 255.255.255.255
> 190.100.100.3 190.100.100.3 1 224.0.0.0
> 240.0.0.0 190.100.100.3 190.100.100.3 1 255.255.255.255
> 255.255.255.255 190.100.100.3 190.100.100.3 1 Default
> Gateway: 190.100.100.1
> ================================================== =========================
> Persistent Routes: None
>
>
> MY COMPUTER WHILE AT WORK ROUTE PRINT
> Microsoft Windows XP [Version 5.1.2600]
> (C) Copyright 1985-2001 Microsoft Corp.
>
> H:\>route print
> ================================================== =========================
> Interface List
> 0x1 ........................... MS TCP Loopback interface
> 0x2 ...00 13 02 5e de 92 ...... Intel(R) PRO/Wireless 3945ABG Network
> Connection - Packet Scheduler Miniport
> 0x10004 ...00 05 1b 3f ed 02 ...... ADM851X USB To Fast Ethernet
> Adapter - Packet Scheduler Miniport
> ================================================== =========================
> ================================================== =========================
> Active Routes:
> Network Destination Netmask Gateway Interface
> Metric
> 0.0.0.0 0.0.0.0 190.100.100.1 190.100.100.199
> 20 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
> 1 190.100.100.0 255.255.255.0 190.100.100.199 190.100.100.199
> 20 190.100.100.199 255.255.255.255 127.0.0.1 127.0.0.1
> 20 190.100.255.255 255.255.255.255 190.100.100.199
> 190.100.100.199 20 224.0.0.0 240.0.0.0
> 190.100.100.199 190.100.100.199 20 255.255.255.255
> 255.255.255.255 190.100.100.199 2 1
> 255.255.255.255 255.255.255.255 190.100.100.199 190.100.100.199
> 1 Default Gateway: 190.100.100.1
> ================================================== =========================
> Persistent Routes: None
>
>
> TRACERT FROM RRAS SERVER TO VPN CLIENT
> Microsoft Windows [Version 5.2.3790]
> (C) Copyright 1985-2003 Microsoft Corp.
>
> C:\Documents and Settings\Administrator.ORTHOVITA>tracert 190.100.0.31
>
> Tracing route to XPLAP362 [190.100.0.31]
> over a maximum of 30 hops:
>
> 1 734 ms 958 ms 186 ms XPLAP362 [190.100.0.31]
>
> Trace complete.
>
>
> TRACERT FROM MY COMPUTER WHILE AT WORK TO VPN CLIENT
> Microsoft Windows XP [Version 5.1.2600]
> (C) Copyright 1985-2001 Microsoft Corp.
>
> H:\>tracert 190.100.0.31
>
> Tracing route to 190.100.0.31 over a maximum of 30 hops
>
> 1 <1 ms <1 ms <1 ms 190.100.100.42
> 2 1 ms 1 ms 2 ms ppp-207207-126.netreach.net
> [207.29.207.126] 3 8 ms 4 ms 4 ms 209.152.209.161
> 4 * * * Request timed out.
> 5 * * * Request timed out.
> 6 * * * Request timed out.
> 7 * * * Request timed out.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
When Client Ping DC not respond,but when DC ping clients they resp	ahmad	Windows Networking	3	07-17-2007 07:44 PM
[Click the star to watch this topic] how much time i have if i want to migrate a server with clients connected wo clients noticing it	will_u_tellmemore	Linux Networking	0	12-28-2006 01:21 PM
linux clients for W2K domains. (key words samba kerberos ldap winbind clients)	nerak99	Linux Networking	0	01-17-2004 02:21 PM
W98 clients run fast-XP clients run slow!	JK	Windows Networking	1	11-18-2003 05:39 PM
dns update from dhcp server ok for windows clients, not ok for linux (dhclient) clients	Tom Van Overbeke	Linux Networking	3	08-07-2003 03:24 PM