
Site 1:

  • Windows 2008 R2
  • It's the receiving side of the site-to-site PPTP VPN
  • 192.168.1.4

Site 2:

  • Windows 2003
  • It's the dialing side of the site-to-site PPTP VPN
  • 10.0.23.70

The VPN connects without issue, and once connected:

  1. I can ping site 1 from site 2
  2. I cannot ping site 2 from site 1

I assume there is some configuration to do on Site 1.

I have tried adding a route on Site 1 as follows:

route add 10.0.23.0 mask 255.255.255.0 192.168.1.4 metric 1

This did not fix the problem.

Any ideas?

EDIT: It's a routing issue - not a firewall issue. All firewalls are disabled.

Andrew Schulman
  • Your route seems wrong. Please add 'ipconfig /all' and 'route print' from both your DCs/RRAS servers. – Dusan Bajic May 15 '14 at 13:20
  • I've had similar issues before and it's always come down to something like one site does not allow pings? Or, although the route is in place, the firewall on site 2 is blocking any traffic coming from the active VPN connection Site 1? – CharlesH May 14 '14 at 08:40
  • C:\>route add 10.0.23.0 mask 255.255.255.0 192.168.1.4 metric 1 OK! C:\>tracert 10.0.23.70 Tracing route to 10.0.23.70 over a maximum of 30 hops 1 DC01.my_domain.internal [192.168.1.4] reports: Destination host unreachable. Trace complete. Any ideas? There is no firewall in the way. – user3565039 May 14 '14 at 09:25
  • Out of interest, where is this route being added: on a workstation or on the DC01 (192.168.1.4)? – CharlesH May 14 '14 at 09:39
  • On DC01 itself. This is the only computer on Site 1 that I need to be able to access the Server on Site 2. I just need my domain controllers to be able to replicate. – user3565039 May 14 '14 at 09:47
  • I've had issues before between 2003 and 2008 R2... Firstly, check the 2008 R2 local firewall is off... Then have a read of this article; it may be what you're having issues with: http://blogs.technet.com/b/networking/archive/2008/11/07/unable-to-ping-the-tunnel-address-of-a-demand-dial-connection-on-windows-server-2008-rras.aspx – CharlesH May 14 '14 at 09:55

1 Answer


I think the route add syntax should be "route add 10.0.23.0 255.255.255.0 Site2TunnelEndpointIP". You need to add a firewall rule to allow pings through the VPN tunnel. It is possible that the rule exists on one router only and not both. I am assuming the Site 2 network is 10.0.23.0 (internal) and Site 1 is 192.168.1.0 (internal).

user241110
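
The route lookup behind this thread, as an added example that is not code from the question or the answer: a small longest-prefix-match model of DC01's table showing why a route whose gateway is DC01's own address (192.168.1.4) keeps 10.0.23.0/24 traffic on the LAN interface instead of the tunnel, which is consistent with the tracert output in the comments. The default gateway 192.168.1.1 and the interface labels "LAN" and "Site2-VPN" are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str    # next-hop address, or "on-link"
    interface: str  # hypothetical interface label
    metric: int

def r(cidr, gateway, interface, metric):
    return Route(ipaddress.ip_network(cidr), gateway, interface, metric)

LOCAL_ADDRS = {"192.168.1.4"}  # DC01's LAN address (from the question)

# Constructed table for DC01; the default gateway 192.168.1.1 is assumed.
BASE = [
    r("0.0.0.0/0", "192.168.1.1", "LAN", 10),
    r("192.168.1.0/24", "on-link", "LAN", 10),
]
# The route from the question: the gateway is DC01's own LAN address.
AS_POSTED = BASE + [r("10.0.23.0/24", "192.168.1.4", "LAN", 1)]
# Same prefix bound to the tunnel instead ("Site2-VPN" is a hypothetical
# demand-dial interface name).
VIA_TUNNEL = BASE + [r("10.0.23.0/24", "on-link", "Site2-VPN", 1)]

def select_route(table, dst):
    """Longest-prefix match; the lowest metric breaks ties."""
    addr = ipaddress.ip_address(dst)
    matches = [rt for rt in table if addr in rt.network]
    if not matches:
        return None
    return max(matches, key=lambda rt: (rt.network.prefixlen, -rt.metric))

def diagnose(table, dst, local_addrs=LOCAL_ADDRS):
    """Describe where a packet to dst would be sent."""
    rt = select_route(table, dst)
    if rt is None:
        return "no route"
    if rt.gateway in local_addrs:
        # Next hop is this host itself: the prefix is treated as directly
        # attached to that interface, so the packet never enters the tunnel.
        return f"on-link on {rt.interface} (gateway is a local address)"
    if rt.gateway == "on-link":
        return f"on-link on {rt.interface}"
    return f"via {rt.gateway} on {rt.interface}"

if __name__ == "__main__":
    for name, table in (("as posted", AS_POSTED), ("via tunnel", VIA_TUNNEL)):
        print(f"{name:10} 10.0.23.70 -> {diagnose(table, '10.0.23.70')}")
```

Comparing the real `route print` output on DC01 against this model shows which interface the 10.0.23.0 entry is actually bound to.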