JSI Tip 3442. You can't ping the Internet adapter after configuring Windows 2000 RRAS as a VPN server?

When RRAS is running, and you have both an internal and external NIC, you can't ping the external NIC?

The RRAS Setup Wizard installs filters on the external (Internet) adapter to process only VPN traffic. The filters are:

 Src Addr   Src Mask   Dest Addr   Dest Mask   Protocol   Src Port   Dest Port   Description 
 Any  Any  Any  Any  47  Any  Any  GRE
 Any  Any  Any  Any  TCP  1723  Any  PPTP Inbound
 Any  Any  Any  Any  TCP  Any  1723  PPTP Outbound 
 Any  Any  Any  Any  UDP  500  500  ISAKMP
 Any  Any  Any  Any  UDP  1701  1701  L2TP

To see a which filters are defined for an adapter:

1. Start the Routing and Remote Access snap-in in Microsoft Management Console (MMC).

2. Expand the IP Routing node in the left hand pane.

3. Press General in the left hand pane.

4. Right-click the adapter in the right hand pane, and then press Properties.

5. You can view and edit the Inbound and Outbound filters on the General tab.

To allow pinging to and from the external network adapter, add Inbound and Outbound filters to the adapter to allow ICMP (Internet Control Message Protocol) packets to be processed on the adapter:

1. Follow steps 1 - 4 above.

2. Press Input Filters.

3. Press Add.

4. Select ICMP in the Protocol box.

5. Press OK and OK.

6. Press Output Filters.

7. Press Add.

8. Select ICMP in the Protocol box.

9. Press OK and OK.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.