RRAS Clients cannot ping, but server can?

[jgoodman00]

I have a demand dial VPN which connects from a Win2K server to a remote
WinXP Pro machine.

The network for our office is 192.168.10.0/24
The network for the remote location is 192.168.12.0/24

I configured the demand dial connection as appropriate.
I added a static route onto our broadband router (with ip address
192.168.10.1) to forward access to the 192.168.12.0 network to 192.168.12.2
(the rras server).

If the demand dial connection is not connected & I ping a machine on the
remote network, such as 'ping workstation1' the demand dial connection is
triggered & the ping succeeds.

However, if I try this from a client machine the ping fails. The connection
is triggered, but the ping does not come back.
If I run a tracert to the remote machine from the client the packet goes to
our router which forwards the packet to our rras server. The packet then
just times out.

Any suggestions?


James Goodman MCSE, MCDBA

http://www.j.goodman.dsl.pipex.com

 

[minxca]

which machine do you ping from remote network? RRAS or wks at your office?

 

[aftertaf]

try enabling 'use gateway of distant connection' option...


Aftertaf (david)
MCSA 2003

 

[jgoodman00]

which machine do you ping from remote network? RRAS or wks at your office?

If I ping 192.168.12.1 from the RRAS server it works. If I ping 192.168.12.1 from the workstation the demand dial connects, but the ping fails.

try enabling 'use gateway of distant connection' option...

This option is greyed out. I only have one network card installed in the server.

James Goodman MCSE, MCDBA

http://www.j.goodman.dsl.pipex.com

 

[aftertaf]

and set up your server as the gateway on the client PC?
might that help
(not sure, just ideas like that... don't have one to play with in front of me :/)

Aftertaf
if its not broken, fix it anyway - with luck you might break it and have an excuse

 

[jgoodman00]

and set up your server as the gateway on the client PC?

Yup. There is a static route on our router which forwards traffic from our router back to the RRAS server when it is destined for the 192.168.12.0/24 network.

If I run a tracert this works as expected up until it reaches the RRAS server.
It goes to our router, back to the RRAS server, then it just times out...

James Goodman MCSE, MCDBA

http://www.j.goodman.dsl.pipex.com

 

[aftertaf]

Does your RRAS have a default gateway in its ipconfig?


Aftertaf
if its not broken, fix it anyway - with luck you might break it and have an excuse

 

[jgoodman00]

Does your RRAS have a default gateway in its ipconfig?

Yes it does. Its gateway is our 192.168.10.1 router.

What I cannot work out is why it drops the packets from client machines when it is actually dialing the demand dial connection as desired.

I have enabled maximum detail logging, but nothing is being logged, so I am really struggling to understand where/why it is dropping the packets...

James Goodman MCSE, MCDBA

http://www.j.goodman.dsl.pipex.com

 

[aftertaf]

can you post the results of pathping?
true it is a toughie, all the more cos there's a tiny grain of sand in there somewhere ...


Aftertaf
if its not broken, fix it anyway - with luck you might break it and have an excuse

 

[jgoodman00]

Tracert:

C:\Documents and Settings\Jamesg>tracert 192.168.12.1

Tracing route to 192.168.12.1 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.10.1
  2    <1 ms    <1 ms    <1 ms  dc2.na.com [192.168.10.3]
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *     dc2.na.com [192.168.10.3]  reports: Destination host unre
achable.

Trace complete.

Pathping:

C:\Documents and Settings\Jamesg>pathping 192.168.12.1

Tracing route to 192.168.12.1 over a maximum of 30 hops

  0  AMIDALA [192.168.10.11]
  1  192.168.10.1
  2  dc2.na.com [192.168.10.3]
  3  dc2.na.com [192.168.10.3]  reports: Destination host unreachable.

Computing statistics for 75 seconds...
            Source to Here   This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           AMIDALA [192.168.10.11]
                                0/ 100 =  0%   |
  1    0ms     0/ 100 =  0%     0/ 100 =  0%  192.168.10.1
                                0/ 100 =  0%   |
  2    0ms     0/ 100 =  0%     0/ 100 =  0%  dc2.na.com [192.168.10.3]
                              100/ 100 =100%   |
  3  ---     100/ 100 =100%     0/ 100 =  0%  AMIDALA [0.0.0.0]

Trace complete.

James Goodman MCSE, MCDBA

http://www.j.goodman.dsl.pipex.com

 

[aftertaf]

dc2 --> 192.168.10.3
is this a RRAS server too, on your office network?
cos it's here that the process is tripping up.

Ping & friends arent' working, and i gather you dont have satisfactory network connnectivity also. hence your tests...

why is everything being routed by your router (192.168.10.1) to dc2 ?

what will help here is an ipconfig of
amidala (.10.11)
dc2 (.10.3)
and the remote RRAS (.12.2) - though i dont think the pb is here.

also, if you can paste the relevant portion of the routers routing tables on both .10.1 and .12.2 ...

got myself a bit of a diagram drawn up here...


Aftertaf
if its not broken, fix it anyway - with luck you might break it and have an excuse

 

[aftertaf]

Does your RRAS have a default gateway in its ipconfig?
Yes it does. Its gateway is our 192.168.10.1 router.

and if you changed it to dc2 (192.168.10.3)
??

Aftertaf
if its not broken, fix it anyway - with luck you might break it and have an excuse

 

[jgoodman00]

Ok, changing the gateway doesnt make any difference. It just kills the internet connection for the RRAS server.

I am becoming more convinced the problem is with the XP Pro dial-in machine. I can establish a link to a vigor router & clients here can ping this without problem.

Ok, some ipconfig results!

AMIDALA:

LAN
IP Address:  192.168.10.11
Subnet mask: 255.255.255.0
Gateway:     192.168.10.1 'A vigor router

DC2:

LAN
IP Address: 192.168.10.3
Subnet:     255.255.255.0
Gateway:    192.168.10.1

PPP
IP Address: 192.168.12.52
Subnet:     255.255.255.255
Gateway:

Dial-in:

LAN:
IP Address: 192.168.12.2
Subnet:     255.255.255.0
Gateway:    192.168.12.1

Dial-in:
IP Address: 192.168.12.50
Subnet:     255.255.255.255
Gateway:

For information, if I bring the link to the vigor router up, these are the ipconfig results:
DC2:

IP Address: 192.168.11.202
Subnet:     255.255.255.255
Gateway:

This connection works perfectly.


James Goodman MCSE, MCDBA

http://www.j.goodman.dsl.pipex.com

 

[aftertaf]

so, it's DC2 that is the RRAS on office LAN that creates the VPN (ppp), via the vigor router ?

and the .11.202 address for DC2, when the route is established - this is a virtual, third NIC ?

Aftertaf
if its not broken, fix it anyway - with luck you might break it and have an excuse

 

[jgoodman00]

DC2 is the RRAS server at our office. It creates a VPN to the vigor router, exactly the same as it creates a VPN to the XP machine.
The vigor router is a router with a VPN endpoint at one of our remote offices.
The XP machine is a machine behind a VPN passthrough router at another remote office.

Office:
192.168.10.0/24 'DC2 RRAS server

Office 2:
192.168.11.0/24 'Vigor Router

Office 3:
192.168.12.0/24 'XP Pro machine.

James Goodman MCSE, MCDBA

http://www.j.goodman.dsl.pipex.com

 

[aftertaf]

and the vigor router, therefore, links your office to the 2nd remote office (.11.0), via VPN, and it is in this office that you have the XP machine?

ok, summarising it all, a lot of info in your posts...


Aftertaf
if its not broken, fix it anyway - with luck you might break it and have an excuse

 

[aftertaf]

sorry about all this...
but you mention when you ping & tracert, you try the ip address 192.168.12.1
which machine is this?
and what is its ipconfig ?

the RRAS at 192.168.12.2 -> what is it's name (clarity reasons)

and something that makes me think we're getting close...

DC2:
LAN
IP Address: 192.168.10.3
Subnet: 255.255.255.0
Gateway: 192.168.10.1

PPP
IP Address: 192.168.12.52
Subnet: 255.255.255.255
Gateway: <--- NO GATEWAY

Dial-in:
LAN:
IP Address: 192.168.12.2
Subnet: 255.255.255.0
Gateway: 192.168.12.1

Dial-in:
IP Address: 192.168.12.50
Subnet: 255.255.255.255
Gateway: <--same here

For information, if I bring the link to the vigor router up, these are the ipconfig results:
DC2:
IP Address: 192.168.11.202
Subnet: 255.255.255.255
Gateway: <--same here

there are no gateways for these connections, so they don't know where to send any traffic they receive that doesn't have the same network address as they do!!

Aftertaf
if its not broken, fix it anyway - with luck you might break it and have an excuse

 

[jgoodman00]

No.

The vigor router is at one office, while the XP machine is at another office.

Each office is on a different network (See previous post).



This all has me mystified. If the vigor router connection didnt work I would at least suspect the RRAS server. However, I have tested this on two RRAS servers here & both of them exhibit the exact same behaviour...



James Goodman MCSE, MCDBA

http://www.j.goodman.dsl.pipex.com

 

[jgoodman00]

The name of the XP Pro machine is WORKSTATION1.

I thought the lack of a gateway was indicative of a problem, but the RRAS help suggests this is normal for a demand dial connection, & the fact that the vigor router works without a gateway suggests this is ok.

James Goodman MCSE, MCDBA

http://www.j.goodman.dsl.pipex.com

 

[aftertaf]

xp pro= wkstn1 = 192.168.12.1 ??
dc2 is a rras for .10.0/24
dial-in is a rras for .12.0/24

on xp machine, silly question, but have you checked out the windows firewall?

Aftertaf
if its not broken, fix it anyway - with luck you might break it and have an excuse