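Server: A Windows 2008 server has been configured as AD, DHCP, DNS, CA and RRAS. In short, RRAS can accept SSTP connections and clients can connect normally. The client obtains an IP address.
Client: Windows 7 operating system
Configuration:
I have a Linux firewall at the perimeter. A port has been opened to forward 443 to the internal IP address and port on the RRAS server.
The private network is on the 10.100.0.0/16 subnet.
The RRAS server has 2 NICs. NIC1 = 10.100.85.15, NIC2 = 10.100.85.16. NIC2 is accepting SSTP connections from the public internet. The adapter settings on NIC2 have only a static IP and subnet. No gateway or DNS servers are configured on NIC2 (I did this based on something I read somewhere about setting up PPTP on Windows 2003). NIC1 has the highest priority of the 2 NICs.
RRAS is set up for VPN only (no NAT). IP address assignment is static, from a pool of 10.100.77.250 to 10.100.77.254 (the same subnet as the private network).
I have allowed ICMP in either direction in the inbound and outbound filters.
Windows Firewall was configured to allow almost everything; then, in this configuration, I turned off the Windows Firewall service.
I have not added any static routes to RRAS.
As mentioned, the VPN client is able to connect to RRAS over SSTP and get an IP address. The client is able to ping the RRAS gateway (10.100.77.250), NIC1 and NIC2.
Problem:
The client cannot ping any computer other than the RRAS server.
More debugging information:
I installed Microsoft Network Monitor on the RRAS server to monitor ICMP packets. I do see the ICMP request going from the client (say 10.100.77.251) through RRAS to the destination server (say 10.100.20.10), and 10.100.20.10 responds with an ICMP reply to 10.100.77.251, with NIC1's Ethernet address. At this point, this is the routing table of the RRAS server.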
===========================================================================
Interface List
 12 ...7a dd d0 eb af 8c ...... Citrix PV Ethernet Adapter #0
 13 ...7e ab 6f 21 e8 30 ...... Citrix PV Ethernet Adapter #1
 26 ........................... RAS (Dial In) Interface
  1 ........................... Software Loopback Interface 1
 14 ...00 00 00 00 00 00 00 e0 isatap.{BCF77165-229C-410C-AE43-D71B6D902F6A}
 27 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 15 ...00 00 00 00 00 00 00 e0 isatap.{4705FD1E-0998-43A4-9EBE-46776B90B205}
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0       10.100.0.1     10.100.85.15     356
       10.100.0.0      255.255.0.0         On-link      10.100.85.15     356
       10.100.0.0      255.255.0.0         On-link      10.100.85.16     358
    10.100.77.253  255.255.255.255    10.100.77.253    10.100.77.254      31
    10.100.77.254  255.255.255.255         On-link     10.100.77.254     286
     10.100.85.15  255.255.255.255         On-link      10.100.85.15     356
     10.100.85.16  255.255.255.255         On-link      10.100.85.16     358
   10.100.255.255  255.255.255.255         On-link      10.100.85.15     356
   10.100.255.255  255.255.255.255         On-link      10.100.85.16     358
        127.0.0.0        255.0.0.0         On-link         127.0.0.1     306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1     306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1     306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1     306
        224.0.0.0        240.0.0.0         On-link      10.100.85.16     358
        224.0.0.0        240.0.0.0         On-link      10.100.85.15     356
        224.0.0.0        240.0.0.0         On-link     10.100.77.254     286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1     306
  255.255.255.255  255.255.255.255         On-link      10.100.85.16     358
  255.255.255.255  255.255.255.255         On-link      10.100.85.15     356
  255.255.255.255  255.255.255.255         On-link     10.100.77.254     286
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0       10.100.0.1  Default
          0.0.0.0          0.0.0.0       10.100.0.1  Default
          0.0.0.0          0.0.0.0       10.100.0.1  Default
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination              Gateway
  1    306 ::1/128                          On-link
 13    266 fe80::/64                        On-link
 12    266 fe80::/64                        On-link
 12    266 fe80::a8b1:77f:5eb0:d5a8/128     On-link
 13    266 fe80::f8a0:2a9d:bee9:e688/128    On-link
  1    306 ff00::/8                         On-link
 13    266 ff00::/8                         On-link
 12    266 ff00::/8                         On-link
===========================================================================
Persistent Routes:
  None
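I know there is some routing problem… I have tried every combination of route add entries in RRAS but nothing works. Any help is greatly appreciated.
Update: converted the AD machine to a single-NIC configuration. These are the routing tables on the client and on RRAS while the client is connected.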
===========================================================================
Interface List
 12 ...7a dd d0 eb af 8c ...... Citrix PV Ethernet Adapter #0
 22 ........................... RAS (Dial In) Interface
  1 ........................... Software Loopback Interface 1
 23 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14 ...00 00 00 00 00 00 00 e0 isatap.{4705FD1E-0998-43A4-9EBE-46776B90B205}
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0       10.100.0.1     10.100.85.15     356
       10.100.0.0      255.255.0.0         On-link      10.100.85.15     356
    10.100.77.252  255.255.255.255    10.100.77.252    10.100.77.254      31
    10.100.77.254  255.255.255.255         On-link     10.100.77.254     286
     10.100.85.15  255.255.255.255         On-link      10.100.85.15     356
   10.100.255.255  255.255.255.255         On-link      10.100.85.15     356
        127.0.0.0        255.0.0.0         On-link         127.0.0.1     306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1     306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1     306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1     306
        224.0.0.0        240.0.0.0         On-link      10.100.85.15     356
        224.0.0.0        240.0.0.0         On-link     10.100.77.254     286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1     306
  255.255.255.255  255.255.255.255         On-link      10.100.85.15     356
  255.255.255.255  255.255.255.255         On-link     10.100.77.254     286
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0       10.100.0.1  Default
          0.0.0.0          0.0.0.0       10.100.0.1  Default
          0.0.0.0          0.0.0.0       10.100.0.1  Default
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination              Gateway
  1    306 ::1/128                          On-link
 12    266 fe80::/64                        On-link
 12    266 fe80::a8b1:77f:5eb0:d5a8/128     On-link
  1    306 ff00::/8                         On-link
 12    266 ff00::/8                         On-link
===========================================================================
Persistent Routes:
  None
Client
===========================================================================
Interface List
 23...........................VPN
 10...08 00 27 e9 14 91 ......Intel(R) PRO/1000 MT Desktop Adapter
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0    192.168.123.2   192.168.123.15      10
         10.0.0.0        255.0.0.0    10.100.77.254    10.100.77.252      11
    10.100.77.252  255.255.255.255         On-link     10.100.77.252     266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1     306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1     306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1     306
    192.168.123.0    255.255.255.0         On-link    192.168.123.15     266
   192.168.123.15  255.255.255.255         On-link    192.168.123.15     266
  192.168.123.255  255.255.255.255         On-link    192.168.123.15     266
  216.218.195.214  255.255.255.255    192.168.123.2   192.168.123.15      11
        224.0.0.0        240.0.0.0         On-link         127.0.0.1     306
        224.0.0.0        240.0.0.0         On-link    192.168.123.15     266
        224.0.0.0        240.0.0.0         On-link     10.100.77.252     266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1     306
  255.255.255.255  255.255.255.255         On-link    192.168.123.15     266
  255.255.255.255  255.255.255.255         On-link     10.100.77.252     266
===========================================================================
Persistent Routes:
  None
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None