0

After configuring the Routing and Remote Access Services to be both a VPN and NAT service, I cannot ping that server anymore from the external side. But when I configure it to be just a VPN server, or just a NAT server, I am able to ping it from the external side.

My configuration is like:

DC: 192.168.20.11; VPN and NAT: NIC 1: 192.168.20.1, NIC 2: 192.168.147.171; Client: 192.168.147.1

The mask is always: 255.255.255.0

I cannot understand why when configuring the VPN server to be a VPN and NAT, I cannot ping the server anymore.

stacker

4 Answers

3

Check the External Inbound/Outbound Packet Filters - most likely it enabled highly restrictive filters that just allow inbound/outbound VPN traffic (that's what it did on mine). Open the RRAS console, expand IPv4, click General, right click your External interface->Properties. Check the inbound/outbound filters. You're probably going to want to add ICMP to both (ICMP type 8 code 0 for ICMP requests, type 0 code 0 for replies).

Dan
  • It didn't help. I still cannot get ping confirmation, but now it's not a problem, as I understand that there is no connection problem; the ping is just filtered out. – stacker Dec 29 '10 at 13:57
  • Sorry, I mixed those up (edited to fix). Try adding both type 0/code 0 and type 8/code 0 to both inbound and outbound filters to see if you can get replies. – Dan Dec 29 '10 at 15:41
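
A small model of the "drop everything except the listed packets" filters discussed in the answer above, added here as an illustration (it is not part of any answer and is not RRAS code). The VPN rule list and the packet dictionaries are constructed assumptions, not a dump from a real server; the point is that a ping from outside needs the echo request (type 8, code 0) allowed inbound and the echo reply (type 0, code 0) allowed outbound.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    proto: str                       # "tcp", "udp", "gre" or "icmp"
    port: Optional[int] = None       # tcp/udp port; None matches any port
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        if self.proto != pkt["proto"]:
            return False
        if self.proto == "icmp":
            return (self.icmp_type, self.icmp_code) == (pkt["type"], pkt["code"])
        return self.port is None or self.port == pkt["port"]


def allowed(rules, pkt) -> bool:
    """Filter action is 'drop all packets except those that match a rule'."""
    return any(rule.matches(pkt) for rule in rules)


# Assumed VPN-only rule set (constructed): PPTP control, GRE, L2TP, IKE, NAT-T.
VPN_ONLY = [Rule("tcp", 1723), Rule("gre"), Rule("udp", 1701),
            Rule("udp", 500), Rule("udp", 4500)]

ECHO_REQUEST = {"proto": "icmp", "type": 8, "code": 0}
ECHO_REPLY = {"proto": "icmp", "type": 0, "code": 0}


def ping_succeeds(inbound, outbound) -> bool:
    """An external ping works only if the request gets in AND the reply gets out."""
    return allowed(inbound, ECHO_REQUEST) and allowed(outbound, ECHO_REPLY)


if __name__ == "__main__":
    request_in = VPN_ONLY + [Rule("icmp", icmp_type=8, icmp_code=0)]
    reply_out = VPN_ONLY + [Rule("icmp", icmp_type=0, icmp_code=0)]
    print("VPN-only filters:        ", ping_succeeds(VPN_ONLY, VPN_ONLY))
    print("request allowed in only: ", ping_succeeds(request_in, VPN_ONLY))
    print("request in and reply out:", ping_succeeds(request_in, reply_out))
```
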
3

I too found (following Dan's answer - +1) that restrictive filters were added when I installed RRAS on my new Windows Server 2008 R2 machine.

Looking at the same thing on Windows Server 2003, no such filters were added by default.

To restore the ability to ping the machine (or RDP in, or pretty much anything else) I first just unticked Enable IP Router Manager under:

RRAS Console > IPv4 > Local Area Connection (i.e. External interface) > General.

Then when I added the ICMP filter as Dan described, I could reenable the IP Router Manager and still get in via the non-VPN IP address.

ChrisA
  • Disabling IP Router Manager helped me to restore RDP access to a just-configured Server 2012 VPN server. – Regent Jul 24 '13 at 13:50
0

In RRAS, IPV4, NAT, select the primary NIC (with IP Valid), then right click and go to the Services and Ports section, then add a new service (name: ICMP, protocol: tcp, incoming port: 7, private address: public IP, outgoing port: 7), then select OK and OK. Now you can ping your VPN server with IP Valid.

In this solution, after solving the ping problem, you can connect to the machine with RDP.

Dave M
hoseini
0

(hoseini)'s answer worked for us as well. Not sure what changed, but one day we could no longer ping our external address from an adjacent machine with a firewall exception, and all of our other non-VPN services on that server failed. Protocols were available briefly during startup and shutdown, but once RRAS started nothing worked.

For ICMP: RRAS > IPV4 > NAT > "External NIC" (or Ethernet1 for us) > right click > Properties > Services and Ports > Add > (Description of Service: ICMP, Incoming port: 7, Private address: 127.0.0.1, Outgoing port: 7)

For SSH: RRAS > IPV4 > NAT > "External NIC" (or Ethernet1 for us) > right click > Properties > Services and Ports > Add > (Description of Service: SSH, Incoming port: 22, Private address: 127.0.0.1, Outgoing port: 22)

Worked immediately. Thank you for the other answers in this post, as they led us here, and thank you (hoseini) and (Dave M).