Cant ping specific IPs over VPN

[Charger14]

Hope you guys can help because I'm kind of stumped.

We've got a server 2003 box running RRAS on a Server 2003 Domain and a small branch office thats got a Billion VPN router in their office thats connecting to the main office VPN server over PPTP. Main office range is 10.0.37.x/24 and the branch office is 192.168.1.x/24 not the best setup I know but the branch office is small and the client didn't want to shell out for proper hardware VPN equipment. Machines in the branch office are on the domain and authenticating properly.

Now the issue we're having is everything works perfectly, name resolution, RDP, file sharing etc, however specific IP's cannot be connected to or pinged. We had the issue before and it turned out to be that the server had multiple IP ranges, removed the ones that weren't in use anymore and it came to life, now the question I want to ask is why was that the problem and is it related to our current issue?

Now they implemented a new system and we are unable to ping or connect to its router and server from the branch office, just those two specific IP adresses, everything else is perfect though, other servers are connectable, name resolution is working and comms are working both ways. There are no IP confilcts, that I checked already.

Any ideas?

[Nuke]

Is the gateways on the machines you cant ping the VPN router?

[Charger14]

hmm, I'm not sure, I don't think so, they were both provided by another vendor for the new system. The one is an internal little FTP server and the other is a Cisco Router (I forget the model now, its an ADSL VPN router jobbie)

You think that'll make a difference?

[Nuke]

Yes, most likely your request reaches the machine, but then routes it out to the internet instead of back through the vpn. Many vpn routers don't support nat-overload/masqurade/whatever you like to call it on the tunnel interface.

[Charger14]

I see, that makes sense. ok I'll give the guys a shout and see if changing the default gateway on the FTP box helps. but then what do you suggest for the router?

[Nuke]

On ther router you will need to add a static route to the other network. eg. on the cisco it will look something like

Code: Select all

conf t
ip route 10.0.37.0 255.255.255.0 a.b.c.d
do wr

Where a.b.c.d is the ip of the VPN router.

[Charger14]

Aah ok i see. Thanks man, you been a great help, really appreciate it. Chatting with the guys who stuck in this story to do those changes.