josh-RR (Member), Sep 25, 2007 at 8:08 am, #127940
I'll start by explaining the setup. It's pretty standard.
1) Domain controller running Win 2003 Server standard ed.
2) My network 10.200.7.0 255.255.255.0
3) Domain controller IP on net card: 10.200.7.203
4) IP static pool configured for handout to vpn clients: 10.200.7.224 to .239 (255.255.255.240 mask)
5) IP of Routing remote access virtual interface takes IP 10.200.7.224
First, let me say that normal VPN clients connect fine. I can make a single workstation connection to the server above, get an IP out of the static pool and do work on the 10.200.7.0 network as if I'm directly attached to the LAN.
I have a remote network (192.168.2.0) that I'm trying to connect to our 10.200.7.0 network via a PPTP tunnel to the server above. The router for the 192.168.2.0 network connects its PPTP tunnel perfectly to the Windows 2003 server above. It gets IP 10.200.7.230. I can ping 10.200.7.224 from the router.
1) I add a route 10.200.7.0 and route it out the virtual PPP1 interface on the router.
2) I have the windows 2003 server automatically add a route 192.168.2.0 255.255.255.0 back to the 192.168.2.0 network (route is assigned to the username the 192.168.2.0 router uses to log into the PPTP tunnel so the windows 2003 server adds the route automatically when the tunnel comes up).
3) Computers on the 192.168.2.0 have the default route set to the only router on the network which has the pptp tunnel to 10.200.7.0.
Problem: LAN stations on 192.168.2.0 network cannot ping the 10.200.7.224 address of the routing and remote access server nor can they ping anything behind it. LAN stations on 10.200.7.0 network cannot ping anything on the 192.168.2.0 network including 192.168.2.1 which is the IP of the LAN side of the remote router.
The crazy part: The routes are working. I set up a packet sniffer on the PPTP tunnel, also one on the LAN interface of the 192.168.2.0 router AND on the RRAS interface of the Windows 2003 box AND on the LAN interface of the Windows 2003 box… With the sniffers running I pinged from the Windows 2003 server to 192.168.2.1… The ping reply went out AND CAME BACK correctly with a source IP of 192.168.2.1 and a destination IP of 10.200.7.224… BUT I WAS GETTING NO REPLY, no reply, no reply in the ping window!!!! I try pinging from a workstation on the 10.200.7.0 LAN… SAME THING: the packets go down the PPTP tunnel, the 192.168.2.1 router sends a reply back up the tunnel… the packet comes in the RRAS interface (10.200.7.224) with the correct source IP of 192.168.2.1 and destination IP of the LAN client (10.200.7.252)… BUT IT NEVER GOES OUT the LAN interface of the Windows 2003 server (10.200.7.203). The packet gets lost in a black hole of the server!! The sniffer I have running on the LAN interface of the Windows 2003 server shows NO ICMP packets going out, just the ICMP echo requests coming into it from 10.200.7.252.
Let me say this… I can connect the 192.168.2.0 router to other networks using the method above just fine. I can even connect it to another Linux router via PPTP and route between the networks just fine… This problem just boggles my mind… it has to be some kind of ARP issue? Any help would be much appreciated.