Windows server firewall domain profile drops outside traffic

M Copious 1 Reputation point

I have a Windows Server 2019 with two NICs: one is connected to the internet via a router and modem (this is NIC 2, and it has a static IP); the second NIC is connected to the internal network.

The server has the RAS role with VPN deployed. Sometimes clients can't connect: their IPs are picked up by the domain profile and dropped. Clients that can connect don't show up in the domain log. It's possible for a client to make a connection and, later on the same day, the traffic from the same IP is dropped by the domain firewall. For example (I have changed the IPs):

2020-12-02 20:18:36 DROP TCP 56089 1723 0 - 0 0 0 - - - RECEIVE
2020-12-02 20:18:39 DROP TCP 56089 1723 0 - 0 0 0 - - - RECEIVE
2020-12-02 20:18:45 DROP TCP 56089 1723 0 - 0 0 0 - - - RECEIVE

I can't understand why some IPs show up in the domain firewall and are dropped while others are not and can make a connection. Can someone point me in the right direction? Thank you very much.
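An added diagnostic, not part of the original thread: a PowerShell check, run elevated on the RAS server, that shows which firewall profile NLA assigned to each interface, whether the predefined Routing and Remote Access rules for PPTP (TCP 1723) and GRE are enabled for that profile, and how many TCP 1723 drops the domain profile's log records per source address. It assumes the default pfirewall.log field order given in the file's `#Fields:` header and that the rule names begin with "Routing and Remote Access".

```powershell
# Added troubleshooting example (not from the thread). Run in an elevated PowerShell on the RAS server.

# 1. Which profile each interface was placed in. The internet-facing NIC should normally
#    be Public; if it shows DomainAuthenticated, inbound VPN traffic is judged by the domain profile.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, InterfaceIndex, NetworkCategory, IPv4Connectivity

# 2. Per-profile defaults and where each profile writes its log.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, LogBlocked, LogFileName

# 3. The predefined RRAS rules. For PPTP the control channel (TCP 1723) and the GRE tunnel
#    (protocol 47) must both be enabled for the profile the external NIC is in.
#    Assumption: rule display names start with 'Routing and Remote Access' on this build.
Get-NetFirewallRule -DisplayName 'Routing and Remote Access*' |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Enabled   = $_.Enabled
            Direction = $_.Direction
            Profile   = $_.Profile
            Protocol  = $port.Protocol
            LocalPort = $port.LocalPort
        }
    } | Format-Table -AutoSize

# 4. Count inbound TCP 1723 drops in the domain profile's log, grouped by source address.
#    Default field order: date time action protocol src-ip dst-ip src-port dst-port size ... path
$logPath = [Environment]::ExpandEnvironmentVariables((Get-NetFirewallProfile -Name Domain).LogFileName)
Get-Content -Path $logPath |
    Where-Object { $_ -notmatch '^#' -and $_.Trim() -ne '' } |
    ForEach-Object {
        $f = $_ -split ' '
        if ($f[2] -eq 'DROP' -and $f[3] -eq 'TCP' -and $f[7] -eq '1723' -and $f[-1] -eq 'RECEIVE') {
            $f[4]   # source IP of the dropped PPTP connection attempt
        }
    } | Group-Object | Sort-Object Count -Descending |
    Select-Object @{n='SourceIP'; e={$_.Name}}, Count
```

Step 4 only lists what the domain profile dropped; comparing those addresses against the connection profile of the NIC they arrive on (step 1) tells you whether the drops come from the profile assignment or from a rule that is disabled for that profile (step 3).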


6 answers

  1. Dave Patrick 426K Reputation points MVP

    What other roles are installed? Something here may help.

    --please don't forget to Accept as answer if the reply is helpful--


  2. M Copious 1 Reputation point

    Thank you for your answer. The server is part of a domain, but there are no other roles installed. When I turn the firewall off, it's still not possible to connect.

    I've seen the link and that's pretty much how it's installed.


  3. Dave Patrick 426K Reputation points MVP

    When I turn the firewall off, it's still not possible to connect

    Then it cannot be a Windows Firewall problem.


  4. Gloria Gu 3,891 Reputation points

    @M Copious Hi,

    Thank you for posting in Q&A!

    Since you disabled the Microsoft firewall and it still cannot connect, the problem is not with the firewall. Have you installed any third-party firewall? Please disable it temporarily and test.

    If the client cannot connect to the VPN, please check the event logs on the client and the RAS server (if there's an NPS server, check the NPS server too) to see if there are any event logs or error codes related to this failure. It will be helpful to our troubleshooting.

    Client Log Name: Application, Source: RasClient

    Hope you have a nice day : )

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  5. M Copious 1 Reputation point

    There is no third-party firewall, and I can't find any related errors in the logs.

    With further testing I did notice that it's possible for the clients to connect when 'Enable IPv4 forwarding' is turned off, but then the internal network is not accessible. When I enable this, they can't connect anymore.

    When I enable IPv4 forwarding and turn off the firewall for the domain profile, I can connect, but there is no access to the internal network.