Workstations on the office VLAN are assigned IP addresses in the 10.10.0.0/16 range. It's defined as a "Work" network and is using the "Private" firewall rule set. We use a central firewall / router to pass traffic between the VLANs and different IP ranges.
One of those IP ranges is assigned to our VPN solution, 10.100.0.0/16. For some reason, Windows Firewall (at least in Windows 7) is blocking all incoming traffic from 10.100 addresses, including pings and SMB traffic.
Why is this traffic being blocked? I thought the rules on "Private" connections were more relaxed. Is it because the traffic is coming from outside of the LAN's netmask/subnet? The wording on some of the "Private" rules suggests this, but I'm not 100% sure.
Can the traffic be permitted without creating new firewall rules? Rather, if it really is the netmask/subnet causing the problem, is there a way to make either the network configuration or Windows Firewall see it as sane? Creating new rules works, I'd just rather not have to go to each workstation and apply it manually. We don't yet have a domain, so no group policy pushing.
By default Windows 7 blocks ICMP echo requests, so the only other option besides creating an exception in the firewall is to disable the firewall completely.
After further research:
It looks like I'm either going to need to duplicate all of the needed firewall rules on a case-by-case basis or change the IP range that our VPN uses.
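Added example, not part of the original thread: one way to script the "duplicate the rules" route, using `netsh advfirewall` so the same file can be run from an elevated prompt on each workstation, with the new rules limited to the Private profile and to the VPN range. The rule names are hypothetical, and mapping "pings and SMB" to ICMPv4 echo requests and TCP 445 is an assumption.

```powershell
# Added example, not from the original thread. Run from an elevated prompt.
# 10.100.0.0/16 is the VPN range given in the question.
$VpnRange = '10.100.0.0/16'

# Hypothetical rule names. Assumed scope: ping (ICMPv4 echo request, type 8)
# and direct-hosted SMB (TCP 445), the two kinds of traffic the question names.
$Rules = @(
    @{ Name = 'VPN-In-ICMPv4-Echo'; Match = @('protocol=icmpv4:8,any') },
    @{ Name = 'VPN-In-SMB-TCP445';  Match = @('protocol=TCP', 'localport=445') }
)

foreach ($r in $Rules) {
    # Remove any earlier copy so re-running the script does not stack duplicates.
    # A non-zero exit here only means the rule did not exist yet.
    & netsh advfirewall firewall delete rule "name=$($r.Name)" | Out-Null

    # Allow inbound only, only on the Private profile, only from the VPN range.
    $ruleArgs = @('advfirewall', 'firewall', 'add', 'rule',
                  "name=$($r.Name)", 'dir=in', 'action=allow',
                  'profile=private', "remoteip=$VpnRange") + $r.Match
    & netsh $ruleArgs | Out-Null

    if ($LASTEXITCODE -ne 0) {
        Write-Error "Failed to add rule $($r.Name) (is the prompt elevated?)"
        continue
    }

    # Print the stored rule so the profile and remote address scope can be checked.
    & netsh advfirewall firewall show rule "name=$($r.Name)"
}
```

Scoping `remoteip` to the VPN range keeps the firewall enabled and leaves every other off-subnet source blocked.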