VPN connection unable to ping to non-domain hosts

on server2003 as domain controller running vpn server
can connect vpn and ping hosts that are members of domain, unable to
ping non-domain hosts

able to ping all hosts from local network

same problem this guy had, too bad the reply didnt read his post
before replying?
http://groups.google.com/group/micro...5a7709daab34c9

where should i be looking, security policy settings? this is for a
client, havent encountered this problem before and am unable to
recreate in test lab.

thanks in advance

Domain Membership has nothing to do with being able to Ping.
Ping would not know a Domain if it tripped over it.
A Domain is an Administration entity,...not a Network entity.
It could be that the Domain Members have the Windows Firewall turned off
(maybe even via GPO),...while the non-members have the Windows Firewall
turned on (non-members can't use the GPO).

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ps.com...
> on server2003 as domain controller running vpn server
> can connect vpn and ping hosts that are members of domain, unable to
> ping non-domain hosts
>
> able to ping all hosts from local network
>
> same problem this guy had, too bad the reply didnt read his post
> before replying?
> http://groups.google.com/group/micro...5a7709daab34c9
>
> where should i be looking, security policy settings? this is for a
> client, havent encountered this problem before and am unable to
> recreate in test lab.
>
> thanks in advance
>

It is also not a great idea to run a DC as a VPN server. As soon as your
first remote user conncts, the server acquires an additional IP to act as
the server end of the point to point connections. So you get all of the
problems associated with multihomed DCs.

See KB 292822 for some of the name resolution and browsing problems this
can cause.

"Phillip Windell" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Domain Membership has nothing to do with being able to Ping.
> Ping would not know a Domain if it tripped over it.
> A Domain is an Administration entity,...not a Network entity.
> It could be that the Domain Members have the Windows Firewall turned off
> (maybe even via GPO),...while the non-members have the Windows Firewall
> turned on (non-members can't use the GPO).
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or
> Microsoft, or anyone else associated with me, including my cats.
> -----------------------------------------------------
>
> <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ps.com...
>> on server2003 as domain controller running vpn server
>> can connect vpn and ping hosts that are members of domain, unable to
>> ping non-domain hosts
>>
>> able to ping all hosts from local network
>>
>> same problem this guy had, too bad the reply didnt read his post
>> before replying?
>> http://groups.google.com/group/micro...5a7709daab34c9
>>
>> where should i be looking, security policy settings? this is for a
>> client, havent encountered this problem before and am unable to
>> recreate in test lab.
>>
>> thanks in advance
>>
>
>

> Domain Membership has nothing to do with being able to Ping.
> Ping would not know a Domain if it tripped over it.
> A Domain is an Administration entity,...not a Network entity.
Uh yeah... just trying to describe the problem, I should have prefaced
my post with "i am not an idiot"

> It could be that the Domain Members have the Windows Firewall turned off
> (maybe even via GPO),...while the non-members have the Windows Firewall
> turned on (non-members can't use the GPO).
No, then non-members would not reply to ping from the local network.


It's ok if you don't know the answer, you don't have to come up with /
something/ just to reply

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
>> Domain Membership has nothing to do with being able to Ping.
>> Ping would not know a Domain if it tripped over it.
>> A Domain is an Administration entity,...not a Network entity.
> Uh yeah... just trying to describe the problem, I should have prefaced
> my post with "i am not an idiot"
>
>> It could be that the Domain Members have the Windows Firewall turned off
>> (maybe even via GPO),...while the non-members have the Windows Firewall
>> turned on (non-members can't use the GPO).
> No, then non-members would not reply to ping from the local network.
>
>
> It's ok if you don't know the answer, you don't have to come up with /
> something/ just to reply

I can only deal with what I see in the post. I have no background on you to
know what you know or don't know. So I am trying to clarify the situation
so that we can get directly to the matter and not get distracted by things
that don't matter,...which involves telling people what things do not matter
and how things relate or do not relate with each other.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------