Monday 30 June 2014

Ping "General Failure" Intermittent Issue (vSphere 5.0 VM, Port Group, EST) Multi-Homed RRAS on Windows Server 2012 R2

There are intermittent issues with your Windows Server 2012 R2 VM, with Routing and Remote Access installed. The VM is running on vSphere v5.0 and is connected to a Port Group on a dedicated vSwitch. External Switch Tagging (EST) is in place, so the physical switch stack is doing all the VLAN tagging.

The network interfaces are configured to support a multi-homed RRAS server that provides L2TP/IPsec VPN to clients. One interface is external and sits behind a Cisco ASA firewall. Because L2TP/IPsec is being utilized, NAT-T is configured to forward external traffic to this interface. The internal interface is connected to the Production subnet.
When the server is booted, you can ping resources both internal and external without issue. If you use the ping -t command to send continuous ICMP packets, it begins to fail with General Failure.

It turned out to be, you guessed it, an issue with Microsoft Routing and Remote Access. The fix was to disable the Inbound and Outbound Filters. Although this may seem to be a security risk, in this instance the RRAS server is behind a Cisco ASA firewall, so the software filters on RRAS are not required.

To disable the filters, expand IPv4 and General, then right-click each of the interfaces and select Properties.
Click Inbound Filters...
Click Receive all packets except those that meet the criteria below, then click OK to commit the changes.

Do the same for the Outbound Filters, but ensure Transmit all packets except those that meet the criteria below is selected, then click OK again.

Now if you try to ping the resources both externally and internally, you will probably find it works successfully. Yet another fix that would encourage you to deploy a proper hardware VPN concentrator such as a Cisco ASA, Juniper, NetScaler etc.