VPN Help Please

  • Thread starter Thread starter ky
  • Start date Start date
K

ky

Hi All,

I am experiencing a wierd problem and I know there is
something I am overlooking. We have a W2K RRAS server
which our users VPN into from the outside. Our RRAS server
is has two network cards, one on our Trusted lan and the
other is on the DMZ. The reason we have two nics is
because our Proxy server resides on the same box and it
wont function with out two nics. The problem I am
experiencing is when I VPN into our network I am not able
to see/ping the servers in the DMZ for some reason. When I
do a traceroute it stops at the RRAS server. I can see all
the servers in the Trusted lan just fine. I dont believe
its the firewall because the traceroute stops at the RRAS
server. Has any ever expereinced this problem? Any help is
greatly appreciated.

Thanks,

Jack
 
quoted form http://www.ChicagoTech.net
Can't Ping External Network Adapter After Configuring RRAS as a VPN Server

SYMPTOMS: After you configure the RRAS as a virtual private network (VPN)
server in Windows 2000 Server with two or more network adapters, pinging the
external network adapter does not work. This behavior occurs only while RRAS
is running. Pinging the external network adapter succeeds when RRAS is
stopped.
RESOLUTION: When you use the Routing and Remote Access Server Setup Wizard
to configure RRAS as a VPN server, Input and Output filters are
automatically configured on the external network adapter to process only VPN
traffic and disable all ports and protocols except protocol 47 (GRE), TCP
port 1723 for PPTP Outbound/Inbound, UDP 500 for ISAKMP and UDP 1701 for
L2TP. To allow pinging to and from the external network adapter, add Inbound
and Outbound filters to the adapter to allow ICMP packets to be processed on
the adapter. To do this, go to Routing and Remote Access>Server Name>IP
Routing>General, In the right pane, right-click the adapter that has been
configured as the external adapter, and then click Properties>Input
Filters>Add, In the Protocol box, click ICMP. Do the same on Output
Filters.

--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Robert Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.
 
Hi Robert,

I can ping the DMZ interface fine with out having to
create any filters. Its just that I cant get past it. When
I do a traceroute it stops at the "Internal" interface
which is the dhcp address assigned by our dhcp server to
the RRAS server. Just to see if it would help I have
actually created the icmp filters but still no luck. Once
logged onto the network via VPN I can ping my computer
from all the servers in the DMZ but I just can not ping
any of the servers from my computer.

-Jack
 
Back
Top