Announcement

Collapse
No announcement yet.

Server not visible to an address outside LAN

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Server not visible to an address outside LAN

    I have a weird problem with Server 2008 (Standard edition). I have a small domain network with Server being 192.168.1.100 and clients 192.168.1.50-192.168.1.70. I can connect to that LAN from the outside through cisco pix 501 and using cisco vpn client.
    Now the weird part: when I'm connected through vpn client, I can ping all the clients (all running Windows XP SP2), but cannot ping the server. Basically, I'm connected and I can ping any address on the 192.168.1.x lan, except for the server. At the same time, all clients don't have that problem and can ping server normally. The windows firewall is turned off on the server. Seems like only 192.168.1.x addresses can ping the server.
    Is there any default rule/policy or any other thing, which prevents server being visible to an "outside" address? Or is it something else? Any help would be greatly appreciated!

  • #2
    Re: Server not visible to an address outside LAN

    What ACL do you have on the PIX for the VPN clients?
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

    Comment


    • #3
      Re: Server not visible to an address outside LAN

      Hm... I'm not responsible for the pix's maintenance, so not sure really. Though I doubt the problem is there, because all the clients on the lan are visible. Moreover, Server 2008 is recently (few days ago) added to the LAN instead of a Server 2003 machine (had the same 192.168.1.100 address); with Server 2003 everything worked fine when accessing from the outisde. And configuration of the pix wasn't changed in years.

      Comment


      • #4
        Re: Server not visible to an address outside LAN

        Ok fair enough, the PIX has an allow ACL so this could quite easily restrict which IP addresses the VPN clients can access.
        cheers
        Andy

        Please read this before you post:


        Quis custodiet ipsos custodes?

        Comment


        • #5
          Re: Server not visible to an address outside LAN

          Yes I see, but that address was accessible before, and not accessible now, while the configuration on the pix remained untouched, so I'm guessing the problem is with the server.

          Comment


          • #6
            Re: Server not visible to an address outside LAN

            By default W2K8 blocks ICMP ECHO Request (incoming ping). You need to open this in the firewall on the W2K8 server.
            Can you ping the server from inside the network ?
            Guy Teverovsky
            "Smith & Wesson - the original point and click interface"

            Comment


            • #7
              Re: Server not visible to an address outside LAN

              Yep no probs, I just wanted to explain my thinking

              Can the server ping the PIX?
              cheers
              Andy

              Please read this before you post:


              Quis custodiet ipsos custodes?

              Comment


              • #8
                Re: Server not visible to an address outside LAN

                Originally posted by guyt View Post
                By default W2K8 blocks ICMP ECHO Request (incoming ping). You need to open this in the firewall on the W2K8 server.
                Can you ping the server from inside the network ?
                From inside the network no problem whatsoever, that's what is bugging me. It seems like it's blocking everything save the local subnet, but can't find where to control that. I opened the Windows Firewall with Advanced Security snap-in, but everything seems fine... or I'm missing something.

                @Andy
                Server can't ping the pix, but same goes for the old server, and yet everything was working fine then.

                Comment


                • #9
                  Re: Server not visible to an address outside LAN

                  Can the clients ping the PIX?

                  If you are sure the config hasn't changed on it and that nothing has changed in between them (vlan etc) then it is a really odd issue.
                  cheers
                  Andy

                  Please read this before you post:


                  Quis custodiet ipsos custodes?

                  Comment


                  • #10
                    Re: Server not visible to an address outside LAN

                    An incorrect default gateway would cause the server to exhibit the behavior you've listed (visible within the subnet, nonreachable from outside the subnet).

                    Comment


                    • #11
                      Re: Server not visible to an address outside LAN

                      That would make sense if there are other devices in between.
                      Miroslav Jeftic, can you provide something along the lines of a network diagram maybe?
                      cheers
                      Andy

                      Please read this before you post:


                      Quis custodiet ipsos custodes?

                      Comment


                      • #12
                        Re: Server not visible to an address outside LAN

                        Hm... I'll see whether I can do something, because mostly I'm responsible for software part, not the hardware one. There is a couple of routers beside pix; but the point is everything was working fine, then the only thing that changed was the old server (2003) replaced with a new one (2008 ), while the router's configuration wasn't touched. Even the server's hardware is exactly the same (nics), simply the OS was reinstalled (it had to go because of some licensing conditions).
                        I'll check the gateway as suggested.

                        Comment


                        • #13
                          Re: Server not visible to an address outside LAN

                          Working on karlw's suggestion the 2003 box may have had a persistant route setup. Can you still boot it to check any differences?
                          cheers
                          Andy

                          Please read this before you post:


                          Quis custodiet ipsos custodes?

                          Comment


                          • #14
                            Re: Server not visible to an address outside LAN

                            try temporarily disabling the windows firewall all together and see if that solves the problem. I believe it may be a setting in the windows firewall and if it works with the firewall disabled then you know kind of where to begin looking.
                            Technology is only as good as those who use it

                            My tech blog - wiredtek.wordpress.com

                            Comment


                            • #15
                              Re: Server not visible to an address outside LAN

                              Already try that, but thanks anyway. After consulting with a friend, seems adding the persistant route could solve the problem, as it was suggested here too. I'll try that and get back with the results. Thanks to everybody for the help, especially to AndyJG247

                              Edit: Adding of persistant static route solved the problem.
                              Last edited by Miroslav Jeftic; 4th June 2008, 16:26.

                              Comment

                              Working...
                              X