VPN site-to-site RRAS

  • Question

  • I am trying to make a Site-to-Site VPN connection between two locations.

    The first server at each location has the role Routing and Remote Access installed. This will be used for VPN access and NAT routing to the internet. The server has two NICs. Also, this server has the Domain Controller role. I need to create this for a test environment.

    The second server is also a Domain Controller, and has one NIC installed.

    Between both locations, I have a VPN setup with demand dial routing on server 1, to server 1 at the other location.

    I also configured a static route in Routing and Remote Access.

    The VPN is established, I can access the server via the internal IP address, but I cannot ping or RDP to the servers.

    When I try on the second server, which has Server 1 as its default gateway, I can ping the servers in the other location. Server 1 routes the packets perfectly through the VPN tunnel. Only the VPN server cannot ping or RDP to the other network. Only access to the shares is working. I think this problem is related to a filter or firewall problem, but I can't figure out what exactly the problem is.

    In the inbound and outbound filters of the VPN connection, I have configured Drop all packets except those that meet the criteria below. Here I have inserted a record with Any. I haven't configured any IP address in the filters. Also, I have disabled the firewall on both locations. On the NPS server, I have selected Grant Access on the Routing and Remote Access policies.

    Can anyone help me?

    Wednesday, January 13, 2016 6:03 PM

Answers

  • The VPN is established, I can access the server via the internal IP address, but I cannot ping or RDP to the servers.

    When I try on the second server, which has Server 1 as its default gateway, I can ping the servers in the other location. Server 1 routes the packets perfectly through the VPN tunnel. Only the VPN server cannot ping or RDP to the other network. Only access to the shares is working.

    Hi Toine,

    I'm a little confused about this. Do you mean that after the VPN was established, the VPN server in site1 couldn't ping site2, but the other server in site1 could ping site2 via the VPN server?

    If so, it seems strange. Could you provide the route print of ping on both servers to site 2?

    Besides, here is the checklist for deploying a site-to-site VPN; you may check whether you configured it correctly:

    https://technet.microsoft.com/en-us/library/ff687867(v=ws.10).aspx

    PS: It is not recommended to make a DC multihomed.

    Best Regards,

    Anne


    Thursday, January 14, 2016 3:06 AM