Can't ping PPTP VPN client.

  • Thread starter Thread starter BerkHolz, Steven
  • Start date Start date
B

BerkHolz, Steven

I am not sure what changed or how long ago it was since it worked.

I have a Windows Server 2003 RRAS setup. (I just put SP1 on to see if it would fix it)
Clients can VPN in with no problem and access shares, Exchange, etc.

I, on my LAN, can not ping the VPN clients.
I am positive that I used to be able to access them before.

Does anyone know of a setting or patch that addresses this?

It seems as though the RRAS service is either only returning replies back to the clients, or the Server is not responding to ARP
requests for the VPN clients.




--
 
Sure, you may be able to ping the VPN client. It depends on how and what VPN you setup. I would check the firewall first.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
I am not sure what changed or how long ago it was since it worked.

I have a Windows Server 2003 RRAS setup. (I just put SP1 on to see if it would fix it)
Clients can VPN in with no problem and access shares, Exchange, etc.

I, on my LAN, can not ping the VPN clients.
I am positive that I used to be able to access them before.

Does anyone know of a setting or patch that addresses this?

It seems as though the RRAS service is either only returning replies back to the clients, or the Server is not responding to ARP
requests for the VPN clients.




--
 
I think it is an XP SP2 issue.

I had another person connect in, and I could access their PC.
But I still couldn't connect to most VPN users.

I am assuming that their SP2 firewall is in Non-Domain mode before VPNing in.
The catch is that if I open up more access in their Non-Domain firewall settings, there is no point having the firewall at all.

I have to fix something for someone overseas and I do not get to use my normal tools. :-(

I guess I will have to make a https://secure.logmeinrescue.com/HelpDesk/Home.aspx account.


--
--
Steven

May you have the peace and freedom that come from abandoning all hope of having a better past.
--- - --- - - - - - - - -- - - - --- - ------ - - --- - - -- - - - -- - - -
Sure, you may be able to ping the VPN client. It depends on how and what VPN you setup. I would check the firewall first.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
I am not sure what changed or how long ago it was since it worked.

I have a Windows Server 2003 RRAS setup. (I just put SP1 on to see if it would fix it)
Clients can VPN in with no problem and access shares, Exchange, etc.

I, on my LAN, can not ping the VPN clients.
I am positive that I used to be able to access them before.

Does anyone know of a setting or patch that addresses this?

It seems as though the RRAS service is either only returning replies back to the clients, or the Server is not responding to ARP
requests for the VPN clients.




--
 
I think it is an XP SP2 issue.

I had another person connect in, and I could access their PC.
But I still couldn't connect to most VPN users.

I am assuming that their SP2 firewall is in Non-Domain mode before VPNing in.
The catch is that if I open up more access in their Non-Domain firewall settings, there is no point having the firewall at all.

I have to fix something for someone overseas and I do not get to use my normal tools. :-(

I guess I will have to make a https://secure.logmeinrescue.com/HelpDesk/Home.aspx account.
Click to expand...
Wow i have the same Problem. But only with w3kSp1. Do you have solved this??



Regards from germany
 
One thing I did was use the "Connection Manager Administration Kit".
It comes with Windows Server.

It builds an .exe file with all the settings for the VPN built in.
Benefits:
If the user is an admin, none of the VPN settings can be changed. (reduce troubleshooting)
You can add your company logo to the VPN login screen. ;-)
You can hard code the domain name for the VPN. (was doing this manually in the VPN Network Interface)
You can hard code the IE Proxy settings. (was doing this manually in the Dialup setting on the IE connections tab)
And last but not least, you can specify VPN connect and disconnect scripts.
We are having the client run gpupdate.exe just after the VPN comes up.

I haven't tested it yet, but I am hoping that this will trigger the firewall to run in domain mode.
I have put in into use, but have not had time to check it.
If it does not reset the firewall, then I may be able to run "netsh firewall set opmode mode = ENABLE profile" , but I think it
requires admin privilege. (more testing required)

Side topic: I was also pleased to see that it took care of my manual edits of the domain name and Proxy settings. (the proxy
settings are set back to what they were when you disconnect the VPN)
We had to change the Domain Name, because if the user was connecting from comcast.net via DHCP, it was hit or miss whether it would
find internal servers via FQDN.
We had to set the IE proxy settings, because we use "automatically detect settings" inside the company via DNS and DHCP.
(redundancy)
If connecting from camcast.net, if the browser was started before the VPN, it would look to wpad.comcast.net for its proxy settings,
and not look again after the VPN was connected. (no internet if using VPN)
Now, in the "Connection Manager Administration Kit" we hard code in the path to our wpad.dat file, so the user can access servers
and the internet via our corp. proxy)

If priorities ever let me get back to the testing phase of this, I will post the results.
 
Back
Top