Cannot Ping a server after configuring the Routing and Remote Access Services

After configuring the Routing and Remote Access Services to be a both VPN and NAT service, I cannot ping that server anymore from the external side. But when I configure it to be just a VPN server, or just a NAT server, I do able to ping it from the external side.

My configuration is like:

DC: 192.168.20.11 VPN and NUT: Nic 1: 192.168.20.1, NIC 2: 192.168.147.171 Client: 192.168.147.1

The mask is always: 255.255.255.0

I cannot understand why when configuring the VPN server to be a VPN and NAT, I cannot ping the server anymore.


Check the External Inbound/Outbound Packet Filters - most likely it enabled highly restrictive filters that just allow inbound/outbound VPN traffic (that's what it did on mine). Open the RRAS console, expand IPv4, click General, right click your External interface->Properties. Check the inbound/outbound filters. You're probably going to want to add ICMP to both (ICMP type 8 code 0 for ICMP requests, type 0 code 0 for replies).


I too found (following Dan's answer - +1) that restrictive filters were added when I installed RRAS on my new Windows Server 2008 R2 machine.

Looking at the same thing on Windows Server 2003, no such filters were added by default.

To restore the ability to ping the machine (or RDP in, or pretty much anything else) I first just unticked Enable IP Router Manager under:

RRAS Console > IPv4 > Local Area Connection (ie External interface) > General.

Then when I added the ICMP filter as Dan described, I could reenable the IP Router Manager and still get in via the non-VPN IP address.