This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 18%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMC%3C/text%3E%3C/svg%3E)
I have a Windows Server 2019 with two nic's, one connected to the internet via een router and modem, this nic 2 and has a static ip. The second nic is connected with the internal network.
The server has a RAS role with VPN deployed, sometimes clients can't connect and their IP's a picked op bij the domain profile and dropped. Clients that can connect don't show up in the domain log. It's possible for a client to make a connection and later on the same day, the traffic of the same ip is dropped by the domain firewall. For example (I have changed the ip's):
2020-12-02 20:18:36 DROP TCP 156.96.114.175 92.112.234.127 56089 1723 0 - 0 0 0 - - - RECEIVE
2020-12-02 20:18:39 DROP TCP 156.96.114.175 92.112.234.127 56089 1723 0 - 0 0 0 - - - RECEIVE
2020-12-02 20:18:45 DROP TCP 156.96.114.175 92.112.234.127 56089 1723 0 - 0 0 0 - - - RECEIVE
I can't understand why some ip's show up in the domain firewall and are dropped and some are not, and can make a connection. Can someone point me in de right direction? Thank you very much.
What other roles are installed? Something here may help.
https://www.thomasmaurer.ch/2018/05/how-to-install-vpn-on-windows-server-2019/
--please don't forget to Accept as answer if the reply is helpful--
Thank you for your answer. The server is part of a domain but there are no other roles installed. When I turn the firewall off, it's still not possible to connect.
I've seen the link and that's pretty much how it's installed.
When I turn the firewall off, it's still not possible to connect
Then it cannot be a windows firewall problem.
@M Copious Hi,
Thank you for posting in Q&A!
Since that you disabled the microsoft firewall but it still cannot connect, so the problem is not with the firewall. Have you installed other third-party firewall? Please disable it temporarily and test.
If the client cannot conntect vpn, please check the event logs in the client and RAS server(If there's a NPS server, check the NPS server too) to check if there's some event logs or error code related to this failure. It will be helpful to our troubleshooting.
Client Log Name: Application, Source: RasClient
Hope you have a nice day : )
Gloria
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
https://learn.microsoft.com/en-us/answers/articles/67444/email-notifications.html
There is no third party firewall and I can't find any related errors in the logs.
With further testing I did notice that's possible for the clients to connect when 'Enable IPv4 forwarding' is turned off, but then the internal network is not accesible. When I enabled this, they con't connect anymore.
When I enable the Ipv4 forwarding and turn off the firewall for the domain, I can connect but there is no access to the internal network.
Hi,
May I ask what's your client os version? Is it linux or windows? Because it seems that “Enable IPv4 forwarding” only exists in Linux system, in windows it's "packet forwarding".
Hi,
Would you mind letting me know the update of the problem?