none
Windows Server 2012 VPN - can't ping other servers on local network

    Question

  • I have setup VPN on windows server 2012. The server has a public network interface and a private one. The private interface is configured with the IP 10.11.12.1/24. The VPN is configured with a static address pool - 10.11.12.50 to 10.11.12.59.

    Connected to this interface is another server with the IP 10.11.12.2/24. I am able to ping 10.11.12.2 from the server with 10.11.12.1.

    When I connect through VPN I can ping the servers private IP, 10.11.12.1, but I am unable to ping the other at 10.11.12.2.

    In "Routing and Remote Access" the server has both the "Enable this computer as a: IPv4 Router" checked and the "IPv4 Remote access server" option checked.

    What can I do to troubleshoot this issue?

    Wednesday, January 02, 2013 5:05 PM

Answers

All replies

  •   That should "just work". And you don't need to enable IP routing on the RRAS server for this. No routing is being done, because they are in the same IP subnet. You only need IP routing enabled if the remote client gets an address in a different IP subnet from the LAN machines.

       It should just work because the RRAS server does proxy ARP on the LAN for the guest. The server gets the replies and sends them on to the client. See this article about on subnet and off subnet addressing in RRAS.

    http://technet.microsoft.com/en-us/library/cc958008.aspx

     

    Bill

    Wednesday, January 02, 2013 10:46 PM
  • Hi jiggak,


    Firstly, please double check that the static pool of addresses you configure for your VPN clients are not assigned to the internal clients by your DHCP Server.


    Reference:

    IP Address Assignment


    However, if issue persists, please let us know the following:

    1. Did you enable NAT on the VPN Server?

    2. Is the VPN Server a DC?

    3. Unedited ipconfig /all from a connected VPN client and the VPN server.


    More information:

    Enable RRAS as a VPN Server

    Enable RRAS as a VPN Server and a NAT Router

    Checklist: Installing and Configuring an RRAS VPN Server


    Hope this helps.


    Jeremy Wu
    TechNet Community Support

    Thursday, January 03, 2013 6:38 PM
  • DHCP is not in use on this subnet. The 10.11.12.1 address is statically assigned, and I know that only three addresses are in use in this subnet 10.11.12.1 - 10.11.12.3.

    I should also mention that all of these servers are virtual and hosted by rackspace.

    NAT is not enabled. This is not a domain controller.

    Client ipconfig: http://www.slashdev.ca/client-ipconfig.txt

    Server ipconfig: http://www.slashdev.ca/server-ipconfig.txt

    Thursday, January 03, 2013 7:33 PM
  •   Pin is not really the best tool to use for network connectivity these days as it is blocked by most firewall software. Is file sharing enabled on this server? Can you see its shares from the VPN client? (Or can you ping if the firewall on 10.11.12.2 is disabled?)

       


    Bill

    Thursday, January 03, 2013 11:39 PM
  • See if these help:

    Technet thread: "Internet Access through VPN server - need help please"  6/28/2010
      http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/8db49948-1962-408b-9996-4a9584b3500d/

    How To Install and Configure RRAS NAT & VPN (YouTube Video): 2008/2008 R2 (Similar to 2012)
      How to install routing and remote access server and test the installation with a VPN connection.
      http://www.youtube.com/watch?v=wpt2z3LA0dQ


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Friday, January 04, 2013 7:41 AM