GeordieSteve Posted October 29, 2008
Strange one here. I've got a number of laptops that connect through an RNA VPN connection which have Windows Firewall installed (all the normal exceptions made such as ICMP traffic, RDP, SMS blah blah blah). If I connect them up through the VPN and try to ping them from a PC on the LAN they eventually fail (it's intermittent). In order to re-establish the ICMP request I have to ping the machine on the LAN from the laptop itself. Is this some sort of handshaking and is there any reason you can think of why it drops the pings in the first place? I'm just busy trying to rule out Windows Firewall before I have to start looking into the head office for ISA, QoS etc. Cheers
GeordieSteve Posted October 29, 2008
P.S. pathping fails at the laptop... until you ping from the laptop of course
MaveriK Posted October 29, 2008
Are the laptops in the same location? Is the LAN you're pinging from at the head office?
JustGav Posted October 29, 2008
It sounds like incoming ICMP might be blocked, and the firewall is allowing it through purely because a pre-established tunnel has been established...
GeordieSteve Posted October 29, 2008
Not tried to ping from head office. ICMP is enabled from all machines on 10.0.0.0/8
Now... it gets strange:
LAN machine pings VPN laptop fine
LAN machine then tries an RDP connection
Pings then fail constantly
VPN laptop pings LAN machine then LAN machine can ping VPN machine once again
EDIT: Tell a lie, Wireshark is showing ICMP requests going outbound
JustGav Posted October 29, 2008
Your VPN software isn't doing some strange split DNS/split tunnel thing by any chance, or perhaps blocking ICMP requests?
GeordieSteve Posted October 29, 2008
We're running over a PPTP connection for VPN with RSA security. Can't understand why pings come through until a TS session is requested
Thorin Posted October 30, 2008
Have you tried turning it off and on again?
tonyhawk Posted October 30, 2008
Do you have a clustered firewall; you might be getting mismatched routing?
GeordieSteve Posted October 30, 2008
OK, we've worked out after plenty of testing that it IS in fact Windows Firewall. It seems to block every port every now and again for no real reason. GAAAHHHH I hate this thing
Branners Posted October 30, 2008
I would suggest Windows Firewall sees it as an intrusion attack. It's an unknown system checking if the machine exists via a ping. Simplest option is to put in a rule to allow ping protocols to and from the machine and it should work. If I have an alternative firewall in place on the machine I tend to disable the Windows one as it also stops remote control sessions and things like Symantec End-point from being able to see and update the laptop properly.
GeordieSteve Posted October 30, 2008
ICMP is allowed from 10.0.0.0/8 which covers our whole internal infrastructure. It seems as though Windows Firewall turns off all ports when it's inactive and doesn't allow anything inbound until the laptop becomes active again (even pinging the outside world)